Palo Alto Traffic Monitor Filtering

Host Traffic Filter Examples

  • From Host a.a.a.a

    Syntax: (addr.src in a.a.a.a)
    Example: (addr.src in 1.1.1.1)

  • To Host b.b.b.b

    Syntax: (addr.dst in b.b.b.b)
    Example: (addr.dst in 2.2.2.2)

  • From Host a.a.a.a and To Host b.b.b.b

    Syntax: (addr.src in a.a.a.a) and (addr.dst in b.b.b.b)
    Example: (addr.src in 1.1.1.1) and (addr.dst in 2.2.2.2)

  • From Host a.a.a.a or Host c.c.c.c To Host b.b.b.b

    Syntax: ((addr.src in a.a.a.a) or (addr.src in c.c.c.c)) and (addr.dst in b.b.b.b)
    Example: ((addr.src in 1.1.1.1) or (addr.src in 3.3.3.3)) and (addr.dst in 2.2.2.2)

  • From Host Range

    Syntax: (addr.src in a.a.a.a/CIDR)
    Example: (addr.src in 10.10.10.2/30)
    Explanation: shows traffic coming from addresses ranging from 10.10.10.1 – 10.10.10.3

  • To or From Host a.a.a.a

    Syntax: (addr in a.a.a.a)
    Example: (addr in 1.1.1.1)
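
The following is an added example, not part of the original page and not Palo Alto code: a small Python helper that assembles the filter strings shown above from lists of addresses, validating each value first so that a malformed or pasted-in indicator cannot change the structure of the filter. The function names (`term`, `any_of`, `build_filter`) are hypothetical, and the helper assumes IPv4 addresses only, as in the examples on this page.

```python
import ipaddress

ALLOWED_FIELDS = ("addr", "addr.src", "addr.dst")  # the fields used on this page


def term(field, value):
    """Return one '(field in value)' term; value must be an IPv4 host or host/prefix."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unsupported field: {field!r}")
    text = str(value).strip()
    host, slash, prefix = text.partition("/")
    ipaddress.IPv4Address(host)  # raises ValueError unless host is a dotted quad
    if slash and not (prefix.isascii() and prefix.isdigit() and int(prefix) <= 32):
        raise ValueError(f"bad prefix length in {text!r}")
    return f"({field} in {text})"


def any_of(field, values):
    """OR together the terms for one field; wrap in parentheses when there are several."""
    terms = [term(field, v) for v in values]
    if len(terms) > 1:
        return "(" + " or ".join(terms) + ")"
    return terms[0] if terms else None


def build_filter(src=(), dst=(), either=()):
    """AND together the source, destination and either-direction groups."""
    groups = [any_of("addr.src", src), any_of("addr.dst", dst), any_of("addr", either)]
    groups = [g for g in groups if g]
    if not groups:
        raise ValueError("at least one address is required")
    return " and ".join(groups)


if __name__ == "__main__":
    # Sample values taken from the examples on this page.
    print(build_filter(src=["1.1.1.1", "3.3.3.3"], dst=["2.2.2.2"]))
    print(build_filter(src=["10.10.10.2/30"]))
```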