How to use Palo Alto Firewall Monitor 3 – Port Traffic Filter Examples and Troubleshooting

The Palo Alto firewall not only allows you to monitor activity on your network, but is also a useful troubleshooting tool. This video shows you how to monitor and troubleshoot using port traffic filters.

Example 1: To show all traffic traveling from source port 3389, use this command: (port.src eq 3389)

From the results, we can see the type, source IP address, destination IP address, port, application, action and rule.

Example 2: To show all traffic traveling to destination port 443, use this command: (port.dst eq 443).

Example 3: To show all traffic traveling from source port 80 and to destination port 443, use this command: (port.src eq 80) and (port.dst eq 443)

Example 4: To show all traffic traveling from source ports 1-22, use this command: (port.src leq 22).

Note: the port starts at 0.

Example 5: To show all traffic traveling from source ports 1024 – 65535, use this command: (port.src geq 1024).

Example 6: To show all traffic traveling to destination ports greater than or equal to port 1024, use this command: (port.dst geq 1024).

Example 7: To show all traffic traveling from source port range 20-53, use this command: (port.src geq 20) and (port.src leq 53).

Example 8: To show all traffic traveling to destination ports 1024 – 13002, use this command: (port.dst geq 1024) and (port.dst leq 13002).


How to use Palo Alto Firewall Monitor 2 – Zone Traffic Filter Examples and Troubleshooting

The Palo Alto firewall not only allows you to monitor activity on your network, but is also a useful troubleshooting tool. This article shows you how to monitor and troubleshoot using zone traffic filters.

Example 1: To show all traffic coming from the GlobalProtect zone, use this command: ( zone.src eq GlobalProtect )

From the results, we can see the source IP address, VPN username, destination IP address, port, application, action and rule.

Example 2: To show all traffic going out to the AWS zone, use this command:

(zone.dst eq AWS).

The result shows traffic from trust to AWS, with the source IP address, destination IP address, port, application and rule.

Example 3: To show all traffic traveling from the GlobalProtect zone and going out to the DMZ zone, use this command: ( zone.src eq GlobalProtect ) and ( zone.dst eq dmz )

Case 1: The client provides remote desktop access for their customers. The service department reports that some customers can’t access the remote server and would like to know whether the firewall is blocking the customers’ IP addresses.

Resolution: Run this command: ( zone.src eq untrust ) and ( action eq deny) and ( port.dst eq 3389 ). The result shows that the firewall blocks only IP addresses from foreign countries, as shown on the next page.

Finally, they find that the RDP server has software called RDPGuard, which blocks any account after 3 failed logins. It has nothing to do with the firewall. The case is closed.
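To check a filter's logic before typing it into the Monitor tab, the added example below (not from the original articles, and not Palo Alto's own parser) evaluates the port and zone filters from the two articles above over constructed log rows. It assumes only the `eq`, `leq`, `geq` and `and` forms used on this page; `parse_filter`, `matches`, `run` and `LOG` are hypothetical names.

```python
import re

# One "(field op value)" clause, limited to the operators shown on this page.
CLAUSE = re.compile(r"\(\s*([\w.]+)\s+(eq|leq|geq)\s+([\w.-]+)\s*\)")
OPS = {"eq": lambda a, b: a == b,
       "leq": lambda a, b: a <= b,
       "geq": lambda a, b: a >= b}

def parse_filter(expr):
    """Turn '(a eq 1) and (b leq 2)' into [(field, op, value), ...]."""
    clauses = []
    for part in re.split(r"\s+and\s+", expr.strip()):
        m = CLAUSE.fullmatch(part)
        if m is None:
            raise ValueError(f"unsupported clause: {part!r}")
        field, op, value = m.groups()
        if field.startswith("port."):
            value = int(value)              # ports compare numerically
            if not 0 <= value <= 65535:
                raise ValueError(f"port out of range: {value}")
        elif op != "eq":
            raise ValueError(f"{op} only makes sense for ports: {part!r}")
        clauses.append((field, op, value))
    return clauses

def matches(row, clauses):
    """A row matches when every clause holds (clauses are ANDed)."""
    return all(OPS[op](row[field], value) for field, op, value in clauses)

# Constructed sample rows: (port.src, port.dst, zone.src, zone.dst, action)
KEYS = ("port.src", "port.dst", "zone.src", "zone.dst", "action")
LOG = [dict(zip(KEYS, r)) for r in [
    (51514, 3389, "untrust", "dmz", "deny"),
    (49800, 3389, "untrust", "dmz", "allow"),
    (22, 443, "trust", "AWS", "allow"),
    (53, 40000, "GlobalProtect", "dmz", "allow"),
    (0, 13002, "trust", "untrust", "allow"),
]]

def run(expr):
    """Return the indexes of the LOG rows the filter selects."""
    clauses = parse_filter(expr)
    return [i for i, row in enumerate(LOG) if matches(row, clauses)]

if __name__ == "__main__":
    for f in ["(port.src leq 22)",
              "(port.src geq 20) and (port.src leq 53)",
              "( zone.src eq untrust ) and ( action eq deny) and ( port.dst eq 3389 )"]:
        print(f, "->", run(f))
```

Note that `(port.src leq 22)` also selects the row with source port 0, and that a bounded range needs both a `geq` and a `leq` clause.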


Receive Stop code: KMODE EXCEPTION NOT HANDLED BSOD when installing Windows 10 version 2004

Situation: When installing Windows 10 version 2004, the client receives stop code: KMODE EXCEPTION NOT HANDLED BSOD.

Troubleshooting: Windows creates C:\Windows\Minidump, and it seems to us that the computer is not compatible with version 2004. Re-installing Windows 10 version 1909 fixes the problem.

Receive Stop code: KMODE EXCEPTION NOT HANDLED BSOD after Windows update

Situation: After a Windows update, the client’s Windows 10 receives stop code: KMODE EXCEPTION NOT HANDLED BSOD.

Troubleshooting: Windows creates C:\Windows\Minidump, and from it we can tell that it is installing Windows 10 version 2004. It seems to us that the computer is not compatible with version 2004. Re-installing Windows 10 version 1909 fixes the problem.

Windows Cannot Be Installed because of MBR partition

Situation: When attempting to re-install Windows 10 on a computer, you may receive this message: “Windows cannot be installed to this disk. The selected disk is not of the GPT partition style”

Resolution 1: Convert MBR to GPT with Windows Installation Media

Step 1. Turn off the PC and put in the Windows installation DVD or USB.

Step 2. Boot the PC from the DVD or USB.

Step 3. In Windows Setup, press “Shift + F10” to start Command Prompt.

Step 4. Enter the following commands in order:

diskpart

list disk

select disk 1 (choose the disk you want to install Windows on)

clean (this erases all partitions and data on the selected disk)

convert gpt

exit

Can’t install Windows 10 KB4566782 with error code 0x800f081f

Situation: When installing Windows 10 KB4566782, some users reported that they can’t install it and receive error code 0x800f081f.

Troubleshooting: 1. Download the update from Microsoft and install it manually. Please refer to this post:

Download and install Windows 10 update manually

2. Download and install Windows 10 Update Assistant. Please view this step by step video.

How to download and install Windows 10 Update Assistant

How to download and save WeChat data

This article shows you how to download and save all your WeChat information, such as contacts, chats, moments and favorites. Here is how.

  1. In the WeChat Home page, tap Me.
  2. Tap Settings.
  3. Under Settings, tap Account Security.
  4. Under Account Security, tap More Settings.
  5. If you have never verified your QQ or Email, select QQ or Email to verify it. If you have verified before, tap Export Personal Data.
  6. No matter which option you select in step 5, you will wait for an email from WeChat to verify or to send the data to you. It may take 24 hours.
  7. This is an example of the verify email. Click OK to verify.
  8. After you receive the personal data download email, click the link to download your WeChat data.

Note: If you don’t receive the verify email or the personal data download email after 24 hours, check the Spam or Junk folder in your mailbox.

If you can’t find the email sent by WeChat, you have the option to request that they resend it by tapping Export Personal Data.

Tap New request for personal data or Data request completed.

You should see this popup. Tap OK or Email not received?


Windows error: 0x800f081f

Situation: When running “DISM.exe /Online /Cleanup-image /Restorehealth” to fix a Windows update problem, you may receive this error: 0x800f081f

C:\Users\administrator>DISM.exe /Online /Cleanup-image /Restorehealth

Deployment Image Servicing and Management tool
Version: 10.0.18362.900

Image Version: 10.0.18363.1016

[===========================84.9%================= ]
[==========================100.0%==========================]
Error: 0x800f081f

The source files could not be found.
Use the “Source” option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

Resolution: Download and install Windows update assistant.