Logging query - Missing logs from implicit deny rule

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Logging query - Missing logs from implicit deny rule

L1 Bithead

Hi all,

 

Doing some testing with a PAN-OS v6.0.0 VM-100. The command ‘set system setting logging default-policy-logging 300’ is configured so I am seeing log entries for traffic that is being blocked by the implicit deny rule for inter-zone traffic.

 

If I enable a security policy that permits any application I’m able to play a video on webpage: http://www.bbc.co.uk/news/uk-england-nottinghamshire-35472617

 

If I enable a policy with some application filtering I am now unble to play the video (which I expect) however I am not seeing anything being denied in the log.

 

This is a problem for me as I need to be able to see what exactly is being blocked in order to permit the appropriate application(s).

 

Can anyone suggest why I might be having this issue?

 

Thanks,

1 REPLY 1

L4 Transporter

Hey there,

 

On version 6, there is no option to override and log the default rule. In order to have this logged, just simply create a new any to any deny all rule, set it to log at session end and place it at the bottom of your ruleset. 

 

If you upgrade to 6.1 or higher you can override the 'interzone-default' rule which is now visible in the ruleset and set it to log.

 

hope this helps,

Ben

  • 2542 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!