02-20-2023 06:45 AM
PAN OS 9.1.7
The following traffic log shows the specific URL
The other traffic log doesn't have the specific URL, and also this log cannot be seen in the url filtering log
Is this a expected behaviors or something wrong with the customer's environment?
02-20-2023 02:09 PM
@zji,
First and foremost, PAN-OS 9.1.7 is severely dated. I'd advising your customer to upgrade to 9.1.15-h1.
Lastly the detail that you're giving doesn't really specify how the "Deny All 2020-URL" is actually configured. If the traffic was denied due to URL you'd expect to see the URL recorded in the logs as it is in your first example. If the traffic was denied before the URL was analyzed however, the firewall won't record the URL that the client requested. So from what's been provided and the action being reset-both with no further information provided, it appears as though this is expected behavior and the URL shouldn't be recorded.
02-20-2023 05:13 PM
The "Deny All 2020-URL" only define the custom url category, so if the packets hit this rule that mean they actually denied by the URL, right?
02-22-2023 06:11 PM
Thanks for your reply!
Since the security rule only define custom url category and I can see "url category" in the traffic log, does this mean it actually check URL? So I'm confused that why the packet didn't record the specific URL.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
