How to enable Log at Session end from CLI in the security policy at Panorama?
12651
Created On 11/03/20 04:58 AM - Last Modified 11/03/20 04:59 AM
Question
How to enable Log at Session end from CLI in the security policy at Panorama?
Environment
-All PAN-OS
-All Panorama.
Answer
Below is the command to configure Log at Session end from CLI;
M-100# set device-group vsys1 pre-rulebase security rules All-Outbound log-end yes
[edit]
M-100# commit
Commit job 1111 is in progress. Use Ctrl+C to return to command prompt
.15%.....20%.....30%.....40%.....50%.....60%.....70%.....80%.....90%.....100%
Configuration committed successfully
[edit]
M-100# show device-group vsys1 pre-rulebase security rules All-Outbound
All-Outbound {
to L3-Untrust;
from L3-Trust;
source any;
destination any;
source-user any;
category any;
application any;
service application-default;
hip-profiles any;
action allow;
log-setting Log-to-Panorama;
profile-setting {
profiles {
file-blocking strict-all;
wildfire-analysis wf-prof;
}
}
target {
negate no;
}
log-start no;
log-end yes; --------------------------->>>
M-100# set device-group vsys1 pre-rulebase security rules All-Outbound log-end yes
[edit]
M-100# commit
Commit job 1111 is in progress. Use Ctrl+C to return to command prompt
.15%.....20%.....30%.....40%.....50%.....60%.....70%.....80%.....90%.....100%
Configuration committed successfully
[edit]
M-100# show device-group vsys1 pre-rulebase security rules All-Outbound
All-Outbound {
to L3-Untrust;
from L3-Trust;
source any;
destination any;
source-user any;
category any;
application any;
service application-default;
hip-profiles any;
action allow;
log-setting Log-to-Panorama;
profile-setting {
profiles {
file-blocking strict-all;
wildfire-analysis wf-prof;
}
}
target {
negate no;
}
log-start no;
log-end yes; --------------------------->>>