Palo Alto troubleshooting workspace

PaloFilter

Build paste-ready Palo Alto log queries, compare candidate policies, and isolate what was allowed, denied, or dropped without rebuilding search syntax by hand. This tool is built for the personal use of Enkiel, but feel free to use it if you find it helpful as a newbie firewall administrator.

Static-first Local presets Netlify ready

Main builder

Filter Builder

Build custom Traffic, Threat, or URL log filters from one or more conditions.

Type: empty

Pick how you want to use the value as a filter.

Conditions

Use row joins and group markers to build filters like A and ( B or C ).

Quick templates

Generated query

Reference fields

The builder uses documented Palo Alto search fields such as addr.src, addr.dst, port.dst, rule, rule_uuid, action, category, url, from, to, and srcuser, plus advanced fields from the Palo Alto log field documentation.

    Side-by-side narrowing

    Compare 2 to 4 Policies

    Generate matching filters for candidate rules so you can compare which policy handled the same flow.

    Shared context

    Optional values here are applied to every candidate policy query.

    Allowed versus blocked

    Action Compare

    Create allow, deny, drop, and blocked-set pivots for the same source, destination, app, port, or rule.

    URL pivot

    URL Investigation

    Build URL Filtering log searches using exact or partial URL matches, category, rule, and action.

    Open Test A Site

    URL logs for allowed categories only appear when the relevant profile action is set to log. This section builds the query, but matching results still depend on firewall logging configuration. Built-in PAN-DB categories are normalized to lowercase, while custom URL category names keep the exact case you enter.

    Rulebase and profile search

    Policy Object Filters

    Search configuration objects such as policy names, custom URL category members, URL profiles, and profile groups.

    These filters are for rulebase, URL category, URL Filtering profile, and security profile group searches. Keep them separate from Monitor log filters because they use configuration paths such as profile-setting/group/member.

    Local browser storage

    Presets and History

    Saved presets and copied-query history stay in this browser only.

    Saved presets

    Queries you name and save from the Builder appear here.

    Recent queries

    Copied generated queries are listed here for quick reuse.