With a WildFire Policy Configured, Why are Some Connections Logs Showing Allow?

With a WildFire Policy Configured, Why are Some Connections Logs Showing Allow?

0
Created On 09/25/18 17:58 PM - Last Modified 07/19/22 23:07 PM


Resolution


If the action in the logs is Allow file that came through on a WildFire-enabled policy, it means that the Forward action was changed to Allow by the data plane because the App-ID was identified as an application that is exempted from sending files to the cloud, such as Microsoft updates for example.


owner: kprakash
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClLmCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail