- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-28-2021 04:52 PM
I have a VM-500 panos-8.1.18. I am seeing traffic logs with below flags
Session End Reason- policy-deny (means traffic denied as per policy)
Action -Allow ( how can action be allowed when traffic is denied via policy)
Type- deny
We also have ssl decryption enabled.
10-28-2021 05:33 PM
Thank you for posting question @inderjit21
I have seen the same in Traffic logs: ( session_end_reason eq policy-deny ) and ( action eq allow ) in the case when security policy had an action: Allow however this policy had an URL Filtering Profile with Site Access: Block.
Is the policy you are seeing in the log using any URL filtering?
Kind Regards
Pavel
10-28-2021 06:36 PM
Yes it has url profile but there is no block under url profile just under traffic logs.
10-29-2021 12:38 AM
Thank you for reply @inderjit21
When you click on Log Detailed View icon on far left side:
does it reveal more details in the bottom section for the reason of the deny?
Also, could you check in Traffic log: ( session_end_reason eq decrypt-error ) or ( session_end_reason eq decrypt-unsupport-param) for any decryption errors related to this traffic?
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!