Not getting logs for APP-ID Adoption from PA-7050

Reply
L0 Member

Not getting logs for APP-ID Adoption from PA-7050

I am working on a Checkpoint to PA migration.  The PA firewall is a PA-7050 managed by Panorama.  The Layer-3/4 policy has been sent to the device successfully, but I am unable to get any matches using the APP-ID adoption.  I have configured the connector to pull from the firewall and from the Panorama with no success.  I can see the traffic logs on both the device and the Panorama. I have successfully pulled logs from the Panorama for another PA migration (PA-5060).

Any suggestions?

L7 Applicator

Re: Not getting logs for APP-ID Adoption from PA-7050

Hi,

Its hard to figure it out from here but.

User rights: Is the username used to generate the API keys and import the Devices into the tool Superuser? We need to execute operational commands and reports.

Latency: Are the MT and the Panorama or the device in the same network? Are you connected though a VPN? sometimes the latency han raise a tmout for the report generation. Its recommended to have the tool in the same network or close.

The Time Period. Change the Period in the Log connector to last hour for example and retrieve the reports again.

Try to Select only one rule and retrieve the apps for the selection.

Double-Check to see the Log Connector assigned at the bottom bar.

Maybe you can attach an screenshot from your log connector?

L0 Member

Re: Not getting logs for APP-ID Adoption from PA-7050

Thank you for your response.

The user is a Superuser. The Migration tool and the Panorama are on the same network.  I have used time periods from 1 hour to 30 days with the same result.  I have tried a single rule instead of all of them. I have verified the log collector.

Since the 7050 does not forward logs to the Panorama, is there a different way of configuring the log collection?

L2 Linker

Re: Not getting logs for APP-ID Adoption from PA-7050

I have the same problem here. The PA-7050 has a different kind of storing logs due to builtin  M-100 (Logcard). I have not yet done deeper debugging. I case of Panorama you should be aware that logs remain on the PA-7050. This leads also to different behavior.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!