Difference between Log Forwarding for a Zone and Security Policy Log Forwarding

Created On 09/25/18 17:39 PM - Last Modified 08/11/23 02:16 AM


Environment


  • Palo Alto Firewall
  • Supported PAN-OS
  • Log Forwarding


Resolution


Overview

Palo Alto Networks firewalls allow administrators to forward logs to external servers. Log forwarding can be configured in two places: on security rules and in the definition of a zone.

Details

Rule Based Log Forwarding

When log forwarding is enabled on a rule (or rules), the firewall forwards logs to the external server whenever traffic matches the rule. This feature is usually used on deny rules for which an administrator wants to be notified when they are triggered. Enabling it on broad allow rules (such as outbound internet access) can generate a lot of log traffic and is not recommended unless absolutely necessary.

Zone Log Forwarding

Zone configuration also allows log forwarding, but it works very differently from log forwarding on security rules. Enabling it forwards zone protection logs, not traffic logs. Zone protection is configured under Network > Network Profiles > Zone Protection. Zone Log Forwarding is configured under Network > Zones. When the firewall triggers denial of service, flood, reconnaissance or packet based protection, it generates a zone protection log, which is forwarded to the server.
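
Added example (not from the original article or from Palo Alto Networks): a Python audit of an exported configuration that checks both settings described above. The XML sample is constructed, its element names assume the usual PAN-OS configuration export layout, and the rule, zone and profile names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the audit reads. Element names
# assume the usual PAN-OS XML export layout; verify them against your export.
SAMPLE = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="untrust"><network>
      <zone-protection-profile>zp-edge</zone-protection-profile>
    </network></entry>
    <entry name="trust"><network>
      <zone-protection-profile>zp-inside</zone-protection-profile>
      <log-setting>syslog-fwd</log-setting>
    </network></entry>
  </zone>
  <rulebase><security><rules>
    <entry name="block-telnet"><action>deny</action>
      <destination><member>any</member></destination></entry>
    <entry name="outbound-internet"><action>allow</action>
      <destination><member>any</member></destination>
      <log-setting>syslog-fwd</log-setting></entry>
    <entry name="block-smb"><action>deny</action>
      <destination><member>any</member></destination>
      <log-setting>syslog-fwd</log-setting></entry>
  </rules></security></rulebase>
</entry></vsys></entry></devices></config>
"""

def audit(xml_text):
    """Return (kind, name, note) findings for both log forwarding settings."""
    root = ET.fromstring(xml_text)
    findings = []
    # Rule based log forwarding: expected on deny rules, noisy on broad allows.
    for rule in root.iterfind(".//rulebase/security/rules/entry"):
        name, action = rule.get("name"), rule.findtext("action")
        forwards = rule.findtext("log-setting") is not None
        dests = [m.text for m in rule.iterfind("destination/member")]
        if action in ("deny", "drop") and not forwards:
            findings.append(("rule", name, "deny rule does not forward logs"))
        elif action == "allow" and forwards and "any" in dests:
            findings.append(("rule", name, "broad allow rule forwards logs"))
    # Zone log forwarding: only this setting sends zone protection logs out.
    for zone in root.iterfind(".//zone/entry"):
        zpp = zone.findtext("network/zone-protection-profile")
        if zpp and not zone.findtext("network/log-setting"):
            findings.append(("zone", zone.get("name"), f"{zpp} logs not forwarded"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```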
