Tuesday, September 9, 2025

How 3 Way Handshake Works on Palo Alto

 




HTTPS traffic










Create a filter via the GUI



View the filter created from the GUI (note: you will have to create 2 filters, one for outgoing and the other for incoming traffic).
debug dataplane packet-diag clear filter index all  (this command clears all filters)

All debug packet filters deleted
>
> debug dataplane packet-diag show setting

--------------------------------------------------------------------------------
Packet diagnosis setting:
--------------------------------------------------------------------------------
Packet filter
  Enabled:                   no
  Match pre-parsed packet:   no
  Filter offload:            yes            
--------------------------------------------------------------------------------
Logging
  Enabled:                   no
  Log-throttle:              no
  Sync-log-by-ticks:         yes            
  Features:
  Counters:
  Timeout duration:          60 seconds
  Buffer threshold:          80%
  CPU threshold:             80%
--------------------------------------------------------------------------------
Packet capture
  Enabled:                   no
  Snaplen:                   0
  Username:                              
--------------------------------------------------------------------------------

(active)> 

You can create only 4 filters, each identified by an index:
Index 1 (Sending traffic)
Index 2 (Reply or returning traffic)

> debug dataplane packet-diag set filter index 1 match source 10.1.2.200/32  destination 10.2.2.101/32  destination-port 80  ingress-interface ethernet1/2 protocol 6

> debug dataplane packet-diag set filter index 2 match source 10.2.2.101/32   destination 10.1.2.200/32   source-port 80  ingress-interface ethernet1/3 protocol 6

Now turn the filter on:
debug dataplane packet-diag set filter on

Verify the filter is set:
debug dataplane packet-diag show setting

source 10.1.2.200/32 destination 10.2.2.101/32 proto 6
source 10.2.2.101/32 destination 10.1.2.200/32 proto 6

(active)> debug dataplane packet-diag show setting

--------------------------------------------------------------------------------
Packet diagnosis setting:
--------------------------------------------------------------------------------
Packet filter
  Enabled:                   no
  Match pre-parsed packet:   no
  Filter offload:            yes            
  Index 1: 100.200.59.145/32[0]->216.18.88.34/32[443], proto 6
           ingress-interface ethernet1/15, egress-interface any, exclude non-IP
--------------------------------------------------------------------------------
Logging
  Enabled:                   no
  Log-throttle:              no
  Sync-log-by-ticks:         yes            
  Features:
  Counters:
  Timeout duration:          60 seconds
  Buffer threshold:          80%
  CPU threshold:             80%
--------------------------------------------------------------------------------
Packet capture
  Enabled:                   no
  Snaplen:                   0
  Username:                              
--------------------------------------------------------------------------------
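
A check for the verification step above, as an added example that is not part of the original post: it parses the `show setting` output and reports what is still missing to capture both directions of the handshake. The sample is the output shown above, trimmed; the function names are hypothetical, and displaying an unspecified port as `[0]` is an assumption inferred from that output.

```python
import re

# Sample: "show setting" output copied from the page, trimmed to the filter section.
SAMPLE = """\
Packet filter
  Enabled:                   no
  Match pre-parsed packet:   no
  Filter offload:            yes
  Index 1: 100.200.59.145/32[0]->216.18.88.34/32[443], proto 6
           ingress-interface ethernet1/15, egress-interface any, exclude non-IP
--------------------------------------------------------------------------------
Logging
  Enabled:                   no
"""

INDEX_RE = re.compile(
    r"Index (\d+): (\S+?)\[(\d+)\]->(\S+?)\[(\d+)\], proto (\d+)\s+"
    r"ingress-interface (\S+?),")

def parse_setting(output):
    """Return (filter_enabled, {index: flow dict}) from 'show setting' output."""
    section = output.split("Packet filter", 1)[1].split("Logging", 1)[0]
    enabled = re.search(r"Enabled:\s+(\w+)", section).group(1) == "yes"
    filters = {}
    for m in INDEX_RE.finditer(section):
        filters[int(m[1])] = {"src": m[2], "sport": int(m[3]), "dst": m[4],
                              "dport": int(m[5]), "proto": int(m[6]), "iif": m[7]}
    return enabled, filters

def handshake_gaps(output, client, server, port):
    """List what is missing to capture SYN / SYN-ACK / ACK for client -> server:port."""
    enabled, filters = parse_setting(output)
    # Assumption: a port left unspecified in the filter is displayed as [0].
    flows = {(f["src"], f["sport"], f["dst"], f["dport"]) for f in filters.values()
             if f["proto"] == 6}
    gaps = []
    if not enabled:
        gaps.append("filter not enabled: run 'debug dataplane packet-diag set filter on'")
    if (client, 0, server, port) not in flows:
        gaps.append("no forward filter (client -> server, destination-port)")
    if (server, port, client, 0) not in flows:
        gaps.append("no return filter (server -> client, source-port)")
    return gaps
```

Run against the output above, `handshake_gaps(SAMPLE, "100.200.59.145/32", "216.18.88.34/32", 443)` reports that the filter is not enabled and that no return filter exists, so only the client's packets would match.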



How to create a filter via the command line

>debug dataplane packet-diag show setting



How to enable the filter
4 types:
Receive
Firewall
Transmit
Policy



Filters can also be set from the GUI: Monitor => Packet Capture => Manage Filters








https://www.youtube.com/watch?v=e2-be-W_IWA&t=100s

How to set up a NAT filter



