log messages
Log Filter Examples
addr.src in 10.252.11.123 and !( action eq allow )
( addr.dst in 52.96.111.2 ) and !( action eq allow )
Incomplete in Application Field
The three-way TCP handshake did not complete, or it completed but no data followed the handshake. This happens when the traffic isn't an application, or when the SYN was sent but the SYN-ACK was not received (the far-end application might not be responding correctly).
Insufficient Data in Application Field
There isn't enough information to correctly identify the application. Palo firewalls will check their signatures, and if nothing matches, this error will be the result.
Not-applicable
Data will be discarded because the service and/or port is not allowed or there is no rule allowing this service.
unknown-tcp
There is a three-way TCP handshake, but the firewall cannot determine what application it is. A custom application is often the culprit.
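The log filter examples and the Application field values above can be combined into an offline triage pass over exported traffic log rows. This is an added example, not part of the original notes or any vendor tooling; the CSV column names, the `triage` function and the sample rows are assumptions constructed for illustration.

```python
import csv, io, ipaddress
from collections import Counter, defaultdict

# Meaning of each Application-field value, paraphrased from the notes above.
HINTS = {
    "incomplete": "handshake did not complete or no data followed; check the far end answers the SYN",
    "insufficient-data": "not enough information to identify the application",
    "not-applicable": "discarded; no rule allows this service/port",
    "unknown-tcp": "handshake completed but app not identified; often a custom application",
}

# Constructed sample rows. Column names are a simplified assumption, not the
# firewall's own export header; 10.0.0.5 and 10.0.0.9 are made-up hosts.
SAMPLE = """src,dst,dport,app,action
10.252.11.123,52.96.111.2,443,incomplete,allow
10.252.11.123,52.96.111.2,443,incomplete,allow
10.252.11.123,52.96.111.2,443,ssl,allow
10.252.11.123,10.0.0.5,445,not-applicable,deny
10.221.33.33,10.0.0.9,8443,unknown-tcp,allow
10.221.33.33,10.0.0.9,8443,insufficient-data,allow
10.221.33.33,10.0.0.9,8443,unknown-tcp,allow
"""

def triage(csv_text, src_net=None, denied_only=False):
    """Summarise special Application values per (src, dst, dport).

    src_net plays the role of `addr.src in ...`; denied_only plays the
    role of `!( action eq allow )` from the filter examples.
    """
    net = ipaddress.ip_network(src_net, strict=False) if src_net else None
    flows = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if net and ipaddress.ip_address(row["src"]) not in net:
            continue
        if denied_only and row["action"] == "allow":
            continue
        if row["app"] in HINTS:  # identified apps such as ssl need no triage
            flows[(row["src"], row["dst"], row["dport"])][row["app"]] += 1
    report = []
    for flow, apps in sorted(flows.items()):
        app, count = apps.most_common(1)[0]  # dominant value for this flow
        report.append((flow, app, count, HINTS[app]))
    return report

if __name__ == "__main__":
    for flow, app, count, hint in triage(SAMPLE):
        print(flow, app, count, "->", hint)
```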
CLI tests
test security-policy-match destination 1.1.1.1 application web-browsing protocol 6 source 8.8.8.8 destination-port 80
show session all filter source 10.221.33.33 destination 10..x.x destination-port 445
show counter global filter delta yes packet-filter yes | match
show interface tunnel.7