Generated traffic logs showing weird information

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Generated traffic logs showing weird information

L3 Networker

I have a VM-500 panos-8.1.18. I am seeing traffic logs with below flags

Session End Reason- policy-deny (means traffic denied as per policy)

Action -Allow ( how can action be allowed when traffic is denied via policy)

Type- deny

 

We also have ssl decryption enabled.

3 REPLIES 3

Cyber Elite
Cyber Elite

Thank you for posting question @inderjit21

 

I have seen the same in Traffic logs: ( session_end_reason eq policy-deny ) and ( action eq allow ) in the case when security policy had an action: Allow however this policy had an URL Filtering Profile with Site Access: Block.

 

Is the policy you are seeing in the log using any URL filtering?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L3 Networker

Yes it has url profile but there is no block under url profile just under traffic logs. 

Cyber Elite
Cyber Elite

Thank you for reply @inderjit21

 

When you click on Log Detailed View icon on far left side: 

PavelK_0-1635492886802.png

does it reveal more details in the bottom section for the reason of the deny?

 

Also, could you check in Traffic log: ( session_end_reason eq decrypt-error ) or ( session_end_reason eq decrypt-unsupport-param) for any decryption errors related to this traffic?

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.
  • 2406 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!