https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585189#M3069 <P>Dear Team,</P> <P>&nbsp;</P> <P>We have 2 * PA-5250 Firewall Appliances configured in Active-Passive and managed by Panorama. PANOS version on both the firewalls and Panorama is PANOS: 10.1.12.</P> <P>&nbsp;</P> <P><STRONG>Issue:</STRONG></P> <P>I've noticed an inconsistency where the Rule UUID displayed in the Traffic Logs differs from the one shown in the actual Policy. Additionally, the Traffic Logs are associating multiple Rule UUIDs with a single rule. Excluding the correct UUID, various other UUIDs are appearing in the Traffic Logs.</P> <P>Furthermore, when filtering the Traffic Logs by the correct Rule UUID, no traffic is displayed. However, if I filter by the rule name, traffic logs appear but with alternate UUIDs.</P> <P>This issue is with the Active Firewall only while there is no issue in the Passive firewall.</P> <P>&nbsp;</P> <P>For example:</P> <P><STRONG>Rule UUID in Policy</STRONG>:&nbsp;48d8f35d-e9c9-4bed-9bc9-75317067bf7e</P> <P><STRONG>Rule UUID in Traffic logs</STRONG>:&nbsp;7d379199-cccf-42ad-9979-2017e5a959d1<BR />3c79c2c6-88e5-41cd-bc65-99d7b865d63f<BR />e401849b-4eb2-4153-beb4-4d5f3c171048</P> <P>&nbsp;</P> <P>Thanks in advance,</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 29 Apr 2024 09:17:32 GMT mohit-singhal 2024-04-29T09:17:32Z https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585189#M3069 <P>Dear Team,</P> <P>&nbsp;</P> <P>We have 2 * PA-5250 Firewall Appliances configured in Active-Passive and managed by Panorama. PANOS version on both the firewalls and Panorama is PANOS: 10.1.12.</P> <P>&nbsp;</P> <P><STRONG>Issue:</STRONG></P> <P>I've noticed an inconsistency where the Rule UUID displayed in the Traffic Logs differs from the one shown in the actual Policy. Additionally, the Traffic Logs are associating multiple Rule UUIDs with a single rule. Excluding the correct UUID, various other UUIDs are appearing in the Traffic Logs.</P> <P>Furthermore, when filtering the Traffic Logs by the correct Rule UUID, no traffic is displayed. However, if I filter by the rule name, traffic logs appear but with alternate UUIDs.</P> <P>This issue is with the Active Firewall only while there is no issue in the Passive firewall.</P> <P>&nbsp;</P> <P>For example:</P> <P><STRONG>Rule UUID in Policy</STRONG>:&nbsp;48d8f35d-e9c9-4bed-9bc9-75317067bf7e</P> <P><STRONG>Rule UUID in Traffic logs</STRONG>:&nbsp;7d379199-cccf-42ad-9979-2017e5a959d1<BR />3c79c2c6-88e5-41cd-bc65-99d7b865d63f<BR />e401849b-4eb2-4153-beb4-4d5f3c171048</P> <P>&nbsp;</P> <P>Thanks in advance,</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 29 Apr 2024 09:17:32 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585189#M3069 mohit-singhal 2024-04-29T09:17:32Z https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585249#M3074 <P>Hello Friend!<BR /><BR /></P> <P>&nbsp;</P> <DIV> <DIV class="p"><SPAN>When rules are pushed from Panorama, they will all have the same UUID. However, rules created locally on a firewall will each have their own unique UUID. If you create a rule on a firewall after pushing rules from Panorama, the locally created rule will have its own UUID.<BR /><BR /></SPAN>On the following Doc you can learn more about this: <A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/enumeration-of-rules-within-a-rulebase" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/enumeration-of-rules-within-a-rulebase</A><BR /><BR />Mark my comment as solved if you think this solves your query</DIV> </DIV> <P><LI-WRAPPER></LI-WRAPPER></P> Mon, 29 Apr 2024 19:50:47 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585249#M3074 jfernandez1 2024-04-29T19:50:47Z https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585263#M3075 <P>Hi&nbsp;<SPAN>Jfernandez1,</SPAN></P> <P>&nbsp;</P> <P><SPAN>Thanks for your response. I am aware about this concept, but the issue is not related to this.</SPAN></P> <P><SPAN>Let me rephrase the issue:</SPAN></P> <P>&nbsp;</P> <P><SPAN>For Example: </SPAN></P> <P><SPAN><STRONG>Rule Name:</STRONG> xyz/abc (Pushed from Panorama to the HA pair (Active/Passive).</SPAN></P> <P><SPAN><STRONG>Rule UUID visible in the Policy in both the Firewalls:</STRONG>&nbsp;</SPAN>48d8f35d-e9c9-4bed-9bc9-75317067bf7e</P> <P><STRONG>Rule UUIDs visible in the Traffic logs for the same rule in the Active Firewall only</STRONG>:&nbsp;</P> <P>7d379199-cccf-42ad-9979-2017e5a959d1<BR />3c79c2c6-88e5-41cd-bc65-99d7b865d63f<BR />e401849b-4eb2-4153-beb4-4d5f3c171048</P> <P>&nbsp;</P> <P>The problem is exclusive to the Active Firewall; the Passive Firewall is functioning without any issues.</P> <P>Issue is with all the rules configured in Active Firewall not with the specific rule.</P> <P>&nbsp;</P> <P>I trust this clarification explained the issue clearly.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 30 Apr 2024 00:44:32 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/rule-uuid-mismatch-in-policies-and-traffic-logs-discrepancy-in/m-p/585263#M3075 mohit-singhal 2024-04-30T00:44:32Z