https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1221738#M57 <P>Hey&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1168210653">@Kakada_Sao16</a>&nbsp;, Please keep in mind that this is a tech forum and most of solutions come from not directly working professionals for Palo Alto that assist each other in the best way possible. What you have seems like a design issue as having a rule for Proxy To Internet seems strange as you are allowing your PA firewall/Proxy to talk to Internet as a user for me if going to internet should match 1 rule if allowed/blocked based better on a AD group&nbsp;<span class="lia-unicode-emoji" title=":thinking_face:">🤔</span>&nbsp; The only way to match 2 rules for me if you have the so called proxy to internet rule before the client rule and there to be the so called "appshift"&nbsp; as maybe the first rules matches all web browser traffic and then the application gets detected which is bad design&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1aCAC" target="_blank">How to Prevent Application Shift - Knowledge Base - Palo Alto Networks</A></P><P>&nbsp;</P><P>I suggest involving Palo Alto Professional Services (PS) or a partner company as this will also probably be outside the scope of the Palo Alto Support TAC team to assist you with.</P> Tue, 25 Feb 2025 11:49:37 GMT nikoolayy1 2025-02-25T11:49:37Z https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1219731#M56 <P>Dear PA team,</P><P>&nbsp;</P><P>PA Firewall and PA Web proxy are integration with SIEM.</P><P>&nbsp;</P><P><STRONG>Before: </STRONG></P><P>When my PC run though connecting on PA firewall has only 1 log ( End Traffic , Deny Access, Permit...) for each session.</P><P>&nbsp;</P><P>Example:</P><P>&nbsp; &nbsp; &nbsp; &nbsp; 1.&nbsp; Traffic End -&gt; Feb 2, 2025, 10:15:00 AM</P><P>&nbsp;</P><P><STRONG>Now:</STRONG></P><P>When my PC point connectivity to PA Proxy there have 2 or more for each session.</P><P>&nbsp;</P><P>Example: Duplicate logs</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;1. Traffic End -&gt; Feb 2, 2025, 10:15:00 AM</P><P>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2. Traffic End -&gt; Feb 2, 2025, 10:15:00 AM</P><P>&nbsp;</P><P>On Proxy where Security Policy we defined <STRONG>Allow User to proxy</STRONG> and <STRONG>Allow Proxy to Internet.</STRONG></P><P>&nbsp;</P><P>We concern with SIEM consumption resource performance and licensing cost. When has more logs on PA Web proxy.</P><P>&nbsp;</P><P>Do we have solution to fix this case? To ensure it has as same as log on PA FW for each session.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Feb 2025 03:38:54 GMT https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1219731#M56 Kakada_Sao16 2025-02-07T03:38:54Z https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1221738#M57 <P>Hey&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1168210653">@Kakada_Sao16</a>&nbsp;, Please keep in mind that this is a tech forum and most of solutions come from not directly working professionals for Palo Alto that assist each other in the best way possible. What you have seems like a design issue as having a rule for Proxy To Internet seems strange as you are allowing your PA firewall/Proxy to talk to Internet as a user for me if going to internet should match 1 rule if allowed/blocked based better on a AD group&nbsp;<span class="lia-unicode-emoji" title=":thinking_face:">🤔</span>&nbsp; The only way to match 2 rules for me if you have the so called proxy to internet rule before the client rule and there to be the so called "appshift"&nbsp; as maybe the first rules matches all web browser traffic and then the application gets detected which is bad design&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm1aCAC" target="_blank">How to Prevent Application Shift - Knowledge Base - Palo Alto Networks</A></P><P>&nbsp;</P><P>I suggest involving Palo Alto Professional Services (PS) or a partner company as this will also probably be outside the scope of the Palo Alto Support TAC team to assist you with.</P> Tue, 25 Feb 2025 11:49:37 GMT https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1221738#M57 nikoolayy1 2025-02-25T11:49:37Z https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1224373#M59 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/153031">@nikoolayy1</a>&nbsp;</P><P>&nbsp;</P><P>let us further check with them. thanks.</P> Fri, 21 Mar 2025 01:32:01 GMT https://live.paloaltonetworks.com/t5/web-proxy-discussions/pa-web-proxy-has-more-than-syslog-logs-on-current-pa-fw/m-p/1224373#M59 Kakada_Sao16 2025-03-21T01:32:01Z