Historically, some malformed or irregular packets that were discarded by a zone protection profile or built-in protection (like LAND attacks) would only increment a global counter to indicate an action was taken. This made troubleshooting such occurrences, or logging for auditing and compliance, a little more tedious.
Starting from PAN-OS 8.1.2, new Threat logs were introduced that will appear each time such packets are discarded:
Fragmented IP packets
IP address spoofing
ICMP packets larger than 1024 bytes
Packets containing ICMP fragments
ICMP packets embedded with an error message
First packets for a TCP session that are not SYN packets
Threat logs will also be generated on the following events (which don’t require Packet-Based Attack Protection):
DoS attack using ping of death
To enable the additional logging, run this operational command: