As a best practice, logging at session start should be used in which case?
As a best practice, logging at session start should be used in which case?
Logging at session start should be used while troubleshooting. This practice allows for immediate logging of the session's initial traffic, providing valuable information to diagnose issues quickly. Logging at the start of a session helps in identifying problems with applications that don't change during the session or aren't recognized by the firewall.
A. Logging at session start is usually used when troubleshooting applications that don't change over the course of the session, or applications that aren't recognized by the firewall. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clt5CAC#:~:text=Logging%20at%20session%20start%20is,on%20the%20management%20plane's%20CPU.
A temporary when troubleshooting
A is correct
It could be "B", cause if you want to log a Deny policy you need to set Log at session start checkbox, but A is more accurate with the best practices. So it could be both but A is more accurated for question context.
Why would you want to log a deny policy at session start? It will just consume FW resources