Logging query - Missing logs from implicit deny rule

GNS_Support — Wed, 03 Feb 2016 13:30:44 GMT

Hi all,

Doing some testing with a PAN-OS v6.0.0 VM-100. The command ‘set system setting logging default-policy-logging 300’ is configured so I am seeing log entries for traffic that is being blocked by the implicit deny rule for inter-zone traffic.

If I enable a security policy that permits any application I’m able to play a video on webpage: http://www.bbc.co.uk/news/uk-england-nottinghamshire-35472617

If I enable a policy with some application filtering I am now unble to play the video (which I expect) however I am not seeing anything being denied in the log.

This is a problem for me as I need to be able to see what exactly is being blocked in order to permit the appropriate application(s).

Can anyone suggest why I might be having this issue?

Thanks,

Re: Logging query - Missing logs from implicit deny rule

bmorris1 — Wed, 03 Feb 2016 14:38:48 GMT

Hey there,

On version 6, there is no option to override and log the default rule. In order to have this logged, just simply create a new any to any deny all rule, set it to log at session end and place it at the bottom of your ruleset.

If you upgrade to 6.1 or higher you can override the 'interzone-default' rule which is now visible in the ruleset and set it to log.

hope this helps,

Ben

topic Re: Logging query - Missing logs from implicit deny rule in General Topics

Logging query - Missing logs from implicit deny rule

Re: Logging query - Missing logs from implicit deny rule