https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568147#M2203 <P>Hello,</P> <P>&nbsp;</P> <P>I have created a security policy with the below details. I am the hitting following URL <A href="https://10.x.x.x:15671" target="_blank">https://10.x.x.x:15671</A>&nbsp;and I see the 'connection is reset' in the browser. I see traffic is hitting the policy (Hit count) but it's not logging. When I set the action to Deny/Drop/reset-client\reset-server the traffic is logging when hits the rule. What could be the reason why traffic is not logging for action 'Allow' and why traffic is not passing through?&nbsp;</P> <P>&nbsp;</P> <P>Application - Any</P> <P>Services - Application default</P> <P>Action - Allow</P> <P>Logging - Log st session start and end</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Srikar</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="srikarpuligandla_0-1701627610318.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/55630i36B1D9E4F1125811/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="srikarpuligandla_0-1701627610318.png" alt="srikarpuligandla_0-1701627610318.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="srikarpuligandla_1-1701627668060.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/55631iFDBD9D58815421EF/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="srikarpuligandla_1-1701627668060.png" alt="srikarpuligandla_1-1701627668060.png" /></span></P> <P>&nbsp;</P> Sun, 03 Dec 2023 18:21:45 GMT srikarpuligandla 2023-12-03T18:21:45Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568147#M2203 <P>Hello,</P> <P>&nbsp;</P> <P>I have created a security policy with the below details. I am the hitting following URL <A href="https://10.x.x.x:15671" target="_blank">https://10.x.x.x:15671</A>&nbsp;and I see the 'connection is reset' in the browser. I see traffic is hitting the policy (Hit count) but it's not logging. When I set the action to Deny/Drop/reset-client\reset-server the traffic is logging when hits the rule. What could be the reason why traffic is not logging for action 'Allow' and why traffic is not passing through?&nbsp;</P> <P>&nbsp;</P> <P>Application - Any</P> <P>Services - Application default</P> <P>Action - Allow</P> <P>Logging - Log st session start and end</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Srikar</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="srikarpuligandla_0-1701627610318.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/55630i36B1D9E4F1125811/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="srikarpuligandla_0-1701627610318.png" alt="srikarpuligandla_0-1701627610318.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="srikarpuligandla_1-1701627668060.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/55631iFDBD9D58815421EF/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="srikarpuligandla_1-1701627668060.png" alt="srikarpuligandla_1-1701627668060.png" /></span></P> <P>&nbsp;</P> Sun, 03 Dec 2023 18:21:45 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568147#M2203 srikarpuligandla 2023-12-03T18:21:45Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568215#M2205 <P>Your service is set to application default while you're using port 15671 for ssl traffic (default port 443)</P> <P>This means you will not be using this security rule to handle the traffic. You're most likely dropping down to the default intrazone deny rule, which has logging disabled</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>reason you're seeing the hit counter increase is when the SYN paxcket arrives there's no app-id yet, so no default port to enforce, the policy match goes by the 6tuple (source zone, source ip, destination zone, destination ip, destination port, protocol)</P> <P>since you have an any any rule, the syn packet is allowed through until app-id kicks in, the rulebase is chcked again, this rule no longer matches and the next best match is de default rule</P> Mon, 04 Dec 2023 13:43:31 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568215#M2205 reaper 2023-12-04T13:43:31Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568813#M2226 <P>Thank you&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>&nbsp;</P> Thu, 07 Dec 2023 05:00:27 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-policy/m-p/568813#M2226 srikarpuligandla 2023-12-07T05:00:27Z