Palo Alto troubleshooting workspace

PaloFilter

Build paste-ready Palo Alto log queries, compare candidate policies, and isolate what was allowed, denied, or dropped without rebuilding search syntax by hand. This tool is built for the personal use of Enkiel, but feel free to use it if you find it helpful as a newbie firewall administrator.

Static-first Local presets Netlify ready

Main builder

Filter Builder

Type: empty

Pick how you want to use the value as a filter.

Conditions

Quick templates

Generated query

Reference fields

The builder uses documented Palo Alto search fields such as addr.src, addr.dst, port.dst, rule, rule_uuid, action, category, misc, from, to, and srcuser, plus advanced fields from the Palo Alto log field documentation.

    Side-by-side narrowing

    Compare 2 to 4 Policies

    Shared context

    Allowed versus blocked

    Action Compare

    URL pivot

    URL Investigation

    Open Test A Site

    URL logs for allowed categories only appear when the relevant profile action is set to log. This section builds the query, but matching results still depend on firewall logging configuration. Built-in PAN-DB categories are normalized to lowercase, while custom URL category names keep the exact case you enter.

    Rulebase and profile search

    Policy Object Filters

    These filters are for rulebase, URL category, URL Filtering profile, and security profile group searches. Keep them separate from Monitor log filters because they use configuration paths such as profile-setting/group/member.

    Local browser storage

    Presets and History

    Saved presets

    Recent queries