https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180377#M55848 <P>Not sure if l fully understood your&nbsp;question, but for the traffic visibility on VM you must have an active licenses, otherwise no traffic will be shown&nbsp;in the&nbsp;monitor tab.</P> Thu, 05 Oct 2017 19:32:02 GMT TranceforLife 2017-10-05T19:32:02Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180369#M55847 <P>PAN(VM) and PA1 management interfaces are both Zone A.</P><P>&nbsp;</P><P>PA1 connects to PA2(remote site) on IPSEC tunnel. Traffic from PA2 on PA1 is considered in Zone A and viceversa on PA2 for traffic from PA1.&nbsp;</P><P>&nbsp;</P><P>If i do packet capture on either PA, I can see there is bidirectional traffic between PA2 and PAN. But traffic logs don't show anything, I may select&nbsp;any PAN/PA&nbsp;as source or destination.&nbsp;</P> Thu, 05 Oct 2017 19:19:33 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180369#M55847 raji_toor 2017-10-05T19:19:33Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180377#M55848 <P>Not sure if l fully understood your&nbsp;question, but for the traffic visibility on VM you must have an active licenses, otherwise no traffic will be shown&nbsp;in the&nbsp;monitor tab.</P> Thu, 05 Oct 2017 19:32:02 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180377#M55848 TranceforLife 2017-10-05T19:32:02Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180386#M55850 <P>We have License for that. We manage both firewalls through Panorama and also push logs to it.</P><P>As both the management interface for PA1 and PAN are in same zone, I do not see traffic for it as it doesnot has to cross firewall. But for the remote site PA2 which is also managed by Panorama (location same as PA1), traffic has to pass though tunnel to PA2's management interface. This traffic should be vissible at both PA1 and PA2, which is not.</P><P>&nbsp;</P><P>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 342px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/11768iA7B5FC28D72B031D/image-dimensions/342x89/is-moderation-mode/true?v=v2" width="342" height="89" role="button" title="image.png" alt="image.png" /></span></P><P>&nbsp;</P> Thu, 05 Oct 2017 19:44:17 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180386#M55850 raji_toor 2017-10-05T19:44:17Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180462#M55858 <P>Traffic inside same zone will match to intrazone-default rule that does not log traffic by default.</P><P>Choose intrazone-default rule and click override.</P><P>Then you can edit rule settings to enable log at session end.</P> Fri, 06 Oct 2017 03:24:23 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180462#M55858 Raido_Rattameister 2017-10-06T03:24:23Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180481#M55861 <P>Is the session visible in the session table?</P> <P>The connection from a firewall back to panorama is a permanent ssl session</P> <P>Because it is permanently up, it will not show up in the logs until it is terminated (it is 1 connection for an 'unlinited' amount of time, rather than a bunch of ssl sessions oer time) because logs are generated when a session ends (log at end)</P> Fri, 06 Oct 2017 06:19:28 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180481#M55861 reaper 2017-10-06T06:19:28Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180576#M55881 <P>So what is the recomended log setting. As malacious traffic session if is able to stay&nbsp;up for long we would not see it.</P> Fri, 06 Oct 2017 16:04:56 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180576#M55881 raji_toor 2017-10-06T16:04:56Z https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180579#M55883 No need to change anything<BR />This is only a unique issue with panorama 'call home' connections, this does not normally apply to regular traffic<BR />If a threat is detected the threat will be logged and if the session is terminated becauer of the threat (in case threat action is reset or drop for example) that will be logged too Fri, 06 Oct 2017 16:12:02 GMT https://live.paloaltonetworks.com/t5/general-topics/panorama-traffic-invisible/m-p/180579#M55883 reaper 2017-10-06T16:12:02Z