URL Filtering Log shows FORWARD


L3 Networker

Hey All -

I have several URL-Filtering logs that come through with a category of FORWARD.  Everything else is blank (URL, From Zone, To Zone, etc.).  Can anyone shed some light on what this means?

Thanks!

Matt

14 REPLIES

L5 Sessionator

Hi Matt,

What is the URL vendor that you are using? Could you please attach the snapshot of one of the logs that you are seeing? Thank you.

We are using PAN-DB.  And I stand corrected.  Source and Destination addresses are present.  I've attached a screenshot.

forward.png

That image looks pretty broken - it seems to have the application in the "From Zone" column and the Source Country in the Application column!  I wouldn't trust that output very much...

Maybe he named the zone on the firewall web-browsing? That would be kinda weird though

L5 Sessionator

matt.rosloniec@amway.com,

Are your logs from a device or from Panorama?  Also, what version of PAN-OS are you running?

--Doris

Well of course I don't trust the output, lol.. that's the purpose of the question.  Regardless of how accurate the output is, it is showing up in our logs and I'd love to find out what it is.

Doris - Those logs are from a device, which forwards all logs to an M-100 Log Collector.  That being said, the screenshot was taken from Panorama.

Your firewalls are effectively providing you corrupted data. Personally, I'd resolve that first and then go from there...

If you look on the CLI; do you get the same output?

Do you know if the logs are displayed correctly on the device?  Also, what version of PAN-OS is running on Panorama?  I know that there was a similar bug that was fixed, so I'm curious as to whether or not this is the same issue or another variant of it.

--Doris

I thought that at first; but then you see the Application column and you know it's just fundamentally broken.

Oh yea wow, gotcha.

What the heck PANOS is this? I'm avoiding the 6.0 train for about a year on my side

dyang, ajbool, ericgearhart -

The device (Firewall) is running 5.0.11.  The Log Collector it sends logs to is 5.1.3, and Panorama is 5.1.6.

Also, yes the logs appear correctly on the device.  I took the query I ran in Panorama to get those results, and ran it on the device, and had correct results on the device.

Hi matt.rosloniec@amway.com,

We had a bug where headers and the rest of the table did not match in certain scenarios, but that was only for CSV exports (this bug was also fixed in PAN-OS 6.0.1).  Can you open a case with Support so we can take a look and investigate further?

Thanks,

Doris

dyang

Thanks, I will open a ticket with Support.
