This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Rule UUID mismatch in Policies and Traffic Logs/Discrepancy in Rule UUIDs within Traffic Logs and Policy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Rule UUID mismatch in Policies and Traffic Logs/Discrepancy in Rule UUIDs within Traffic Logs and Policy

mohit-singhal
L1 Bithead

‎04-29-2024 02:17 AM

Dear Team,

 

We have 2 * PA-5250 Firewall Appliances configured in Active-Passive and managed by Panorama. PANOS version on both the firewalls and Panorama is PANOS: 10.1.12.

 

Issue:

I've noticed an inconsistency where the Rule UUID displayed in the Traffic Logs differs from the one shown in the actual Policy. Additionally, the Traffic Logs are associating multiple Rule UUIDs with a single rule. Excluding the correct UUID, various other UUIDs are appearing in the Traffic Logs.

Furthermore, when filtering the Traffic Logs by the correct Rule UUID, no traffic is displayed. However, if I filter by the rule name, traffic logs appear but with alternate UUIDs.

This issue is with the Active Firewall only while there is no issue in the Passive firewall.

 

For example:

Rule UUID in Policy: 48d8f35d-e9c9-4bed-9bc9-75317067bf7e

Rule UUID in Traffic logs: 7d379199-cccf-42ad-9979-2017e5a959d1
3c79c2c6-88e5-41cd-bc65-99d7b865d63f
e401849b-4eb2-4153-beb4-4d5f3c171048

 

Thanks in advance,

 

 

0 Likes Likes
2 REPLIES 2

jfernandez1
L2 Linker

‎04-29-2024 12:50 PM

Hello Friend!

 

When rules are pushed from Panorama, they will all have the same UUID. However, rules created locally on a firewall will each have their own unique UUID. If you create a rule on a firewall after pushing rules from Panorama, the locally created rule will have its own UUID.

On the following Doc you can learn more about this: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/enumeration-of-rules-within-a-ruleb...

Mark my comment as solved if you think this solves your query

Senior Network Security Engineer
PCNSE | CCNP | JNCIP
0 Likes Likes

mohit-singhal
L1 Bithead
In response to jfernandez1

‎04-29-2024 05:44 PM

Hi Jfernandez1,

 

Thanks for your response. I am aware about this concept, but the issue is not related to this.

Let me rephrase the issue:

 

For Example:

Rule Name: xyz/abc (Pushed from Panorama to the HA pair (Active/Passive).

Rule UUID visible in the Policy in both the Firewalls: 48d8f35d-e9c9-4bed-9bc9-75317067bf7e

Rule UUIDs visible in the Traffic logs for the same rule in the Active Firewall only

7d379199-cccf-42ad-9979-2017e5a959d1
3c79c2c6-88e5-41cd-bc65-99d7b865d63f
e401849b-4eb2-4153-beb4-4d5f3c171048

 

The problem is exclusive to the Active Firewall; the Passive Firewall is functioning without any issues.

Issue is with all the rules configured in Active Firewall not with the specific rule.

 

I trust this clarification explained the issue clearly.

 

 

 

0 Likes Likes
  • 436 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks