Hi Mkiand, Thx for your suggestions ! Yes indeed: - NTP has been configured, even before the (data) interfaces were connected. So, onboard time sync was and is now also still in sync. - For data we want to see, there's an LOG AT START enabled. Should both (start/end) be enabled preferably to have correct and relevant data in ACC ? I already informed our Palo Alto engineer about this issue. He asked to open a support case in order to have a closer look. Just 1 remark: I don't know whether there's a link between both, but after creating a CUSTOM REPORT which forced to get data from the threat database for the past +/- 24hours, drilling down into the "Threat monitor" reveals fine grained information about sources/destations/etc. So, I tried to build a similar custom build report that forced to fetch data from "traffic" database, though the result was not successful: "no matching record" after drill down in the "Traffic monitor" I'll keep this thread up to date once a solution is provided from the support case.
... View more