{"id":529,"date":"2023-07-05T06:59:34","date_gmt":"2023-07-05T05:59:34","guid":{"rendered":"https:\/\/worldofsecurity.de\/?p=529"},"modified":"2023-07-05T06:59:34","modified_gmt":"2023-07-05T05:59:34","slug":"palo-alto-networks-firewall-index-numbers-in-flow-basic-output","status":"publish","type":"post","link":"https:\/\/blog.helge-meyer.de\/?p=529","title":{"rendered":"Palo Alto Networks Firewall &#8211; Index Numbers in Flow Basic Output"},"content":{"rendered":"<p>Output: <strong>port 17<\/strong> or <strong>interface 17<\/strong><br \/>\nResolve: <strong>show interfaces all<\/strong> and check the coloum &#8220;id&#8221;<\/p>\n<p>Example:<\/p>\n<pre><span style=\"font-family: courier new, courier, monospace;\"><code class=\"\" data-line=\"\">admin@firewall-a&gt; show interface all\n\ntotal configured hardware interfaces: 8\n\nname                    id    speed\/duplex\/state            mac address\n--------------------------------------------------------------------------------\nethernet1\/1             16    10000\/full\/up                 00:50:56:bb:73:01\nethernet1\/2             17    10000\/full\/up                 00:50:56:bb:73:02\nethernet1\/3             18    10000\/full\/up                 00:50:56:bb:73:03\nethernet1\/4             19    10000\/full\/up                 00:50:56:bb:73:04\nethernet1\/5             20    10000\/full\/up                 00:50:56:bb:73:05\nethernet1\/6             21    10000\/full\/up                 00:50:56:bb:73:06\nethernet1\/7             22    10000\/full\/up                 00:50:56:bb:73:07\ntunnel                  4     [n\/a]\/[n\/a]\/up                7c:89:c2:20:81:04<\/code><\/span><\/pre>\n<p>Output: zone 3<br \/>\nResolve: <strong>debug device-server dump idmgr type zone all<\/strong> and check the coloum &#8220;ID&#8221;<\/p>\n<p>Example:<\/p>\n<pre><span style=\"font-family: courier new, courier, monospace;\"><code class=\"\" data-line=\"\">admin@firewall-a&gt; debug device-server dump idmgr type zone all\n\nID         Version    Name\n---------- ---------- --------------------\n1          4          vsys1+outside\n2          4          vsys1+inside\n3          4          vsys1+dmz\n4          4          vsys1+danger\n5          6          vsys1+Internet\n6          6          vsys1+Users_Net\n7          6          vsys1+DataCentre\n8          6          vsys1+Acquisition\n9          6          vsys1+Guest_Wifi\n10         6          vsys1+DC-VPN\n\nType: 12 Last id: 11 Current Version: 6 Mismatch cnt: 0<\/code><\/span><\/pre>\n<p>Output: Policy lookup, matched rule index 0,<br \/>\nResolve: <strong>show running security-policy | match &#8220;\\{&#8220;<\/strong> . The debug output starts with 0 and the webui with 1!<\/p>\n<p>Example:<\/p>\n<pre><span style=\"font-family: courier new, courier, monospace;\"><code class=\"\" data-line=\"\">admin@firewall-a&gt; show running security-policy | match &quot;\\{&quot;\n&quot;Block-from-Known-Bad-Addresses; index: 1&quot; {    &lt;-- 0\n&quot;Internet_to_DC_Webserver; index: 2&quot; {.         &lt;-- 1\n&quot;Block-to-Known-Bad-Addresses; index: 3&quot; {.     &lt;-- 2\n&quot;Block-Bad-Apps; index: 4&quot; {                    &lt;-- 3\n&quot;Allow-PANW-Apps; index: 5&quot; {                   &lt;-- 4\n&quot;Software_Updates; index: 6&quot; {                  &lt;-- 5\n&quot;Real-time-Protocols_to_Internet; index: 7&quot; {.  &lt;-- 6<\/code><\/span><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Output: port 17 or interface 17 Resolve: show interfaces all and check the coloum &#8220;id&#8221; Example: admin@firewall-a&gt; show interface all total configured hardware interfaces: 8 name id speed\/duplex\/state mac address &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211; ethernet1\/1 16 10000\/full\/up 00:50:56:bb:73:01 ethernet1\/2 17 10000\/full\/up 00:50:56:bb:73:02 ethernet1\/3 18 10000\/full\/up 00:50:56:bb:73:03 ethernet1\/4 19 10000\/full\/up 00:50:56:bb:73:04 ethernet1\/5 20 10000\/full\/up 00:50:56:bb:73:05 ethernet1\/6 21 10000\/full\/up 00:50:56:bb:73:06 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[26,27,6],"class_list":["post-529","post","type-post","status-publish","format-standard","hentry","category-palo-alto-networks","tag-debug","tag-flow-basic","tag-palo-alto-networks"],"_links":{"self":[{"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/posts\/529","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=529"}],"version-history":[{"count":9,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/posts\/529\/revisions"}],"predecessor-version":[{"id":538,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=\/wp\/v2\/posts\/529\/revisions\/538"}],"wp:attachment":[{"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=529"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=529"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.helge-meyer.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=529"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}