Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Session end equals Threat but no threat logs. - Knowledge Base - Palo Alto Networks

Session end equals Threat but no threat logs.

41125
Created On 04/09/20 18:24 PM - Last Modified 10/15/24 12:55 PM


Symptom


You see in your traffic logs that the session end reason is Threat. You look in your threat logs and see no related logs. Now what?

Environment


PANOS, threat, file blocking, URL filtering, security profiles



Cause


The reason you are seeing this session end as threat could be due to your file blocking or URL filtering profile being triggered by the traffic which have their own separate logs.



Resolution


You can check your Data Filtering or URL Filtering logs to find this traffic.

  • Data Filtering logs: Monitor tab > on the left side under logs select Data Filtering 
  • URL Filtering logs: Monitor tab > on the left side under logs select URL Filtering 

You can also check your Unified logs which contain all of these logs.

  • Unified logs: Monitor tab > on the left side under logs select Unified 

Once identified, if you want to make changes to a profile to allow this traffic:

  • In the Data Filtering or URL Filtering logs, identify the policy rule the traffic is hitting.
  • Next, go to that specific security rule and look to see which File Blocking or URL Filtering profile is being used in the policy rule.
  • Once you know the profile that is being used, you can then go to the profile at Objects tab >Security Profiles > File Blocking or Objects tab >Security Profiles > URL Filtering.
  • Then select the name of the File Blocking or URL Filtering profile. There you can check the configuration of the profile which is causing the traffic to be blocked.
  • You can then adjust your File Blocking or URL Filtering profile accordingly to allow this traffic. 


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPZ4CAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail