If traffic logging at 'session start' is enabled, logs will be seen that show an incorrect security rule.
For example, a general outbound Trust-to-Untrust security rule that allows any application exists (lower in the order).
A rule named 'OTS_Allow_Microsoft_Licensing' exists higher in the order to allow only selected URLs.
The security rules are scanned from top to bottom.
When traffic is received, the first security rule in the order is matched to allow the traffic while the firewall is still identifying the correct URL and the matching security rule.
The session browser or CLI will show the correct matching rule.
However, the traffic log at 'session start' will show a non-matching rule. Keep in mind, however, that the traffic is still not allowed.
The traffic log at 'session end' will show the correct rule that allowed the traffic.
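For anyone auditing rule usage from exported traffic logs, the behaviour above means the 'session end' entry should be treated as authoritative for each session. The following is an added example, not part of the original article: the record field names (session_id, subtype, rule), the rule name 'Trust_to_Untrust_Allow_Any' and the sample records are constructed for illustration and are not the firewall's export format.

```python
from collections import Counter, defaultdict

# Constructed sample records (hypothetical field names and general rule name).
SAMPLE_LOGS = [
    {"session_id": 1001, "subtype": "start", "rule": "OTS_Allow_Microsoft_Licensing"},
    {"session_id": 1001, "subtype": "end", "rule": "Trust_to_Untrust_Allow_Any"},
    {"session_id": 1002, "subtype": "start", "rule": "OTS_Allow_Microsoft_Licensing"},
    {"session_id": 1002, "subtype": "end", "rule": "OTS_Allow_Microsoft_Licensing"},
    {"session_id": 1003, "subtype": "start", "rule": "OTS_Allow_Microsoft_Licensing"},
]


def resolve_rules(records):
    """Return {session_id: (status, authoritative_rule, start_rule)}."""
    by_session = defaultdict(dict)
    for rec in records:
        # One rule per subtype; a later record of the same subtype wins.
        by_session[rec["session_id"]][rec["subtype"]] = rec["rule"]

    resolved = {}
    for sid, seen in by_session.items():
        start_rule, end_rule = seen.get("start"), seen.get("end")
        if end_rule is None:
            # Only a start log so far: the rule it names may not be final.
            resolved[sid] = ("pending", None, start_rule)
        elif start_rule is None or start_rule == end_rule:
            resolved[sid] = ("confirmed", end_rule, start_rule)
        else:
            # The start log named a rule that was not the final match.
            resolved[sid] = ("corrected", end_rule, start_rule)
    return resolved


def authoritative_hits(records):
    """Count rule hits using only rules confirmed by a 'session end' log."""
    return Counter(rule for _, rule, _ in resolve_rules(records).values() if rule)


if __name__ == "__main__":
    for sid, (status, rule, start_rule) in sorted(resolve_rules(SAMPLE_LOGS).items()):
        print(sid, status, "end:", rule, "start:", start_rule)
    print(dict(authoritative_hits(SAMPLE_LOGS)))
```

Sessions reported as pending have no end log yet; for those, the session browser or CLI shows the current matching rule.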
