Exam PCNSE
Question 305

An administrator has configured PAN-OS SD-WAN and has received a request to find out the reason for a session failover for a session that has already ended.

Where would you find this in Panorama or firewall logs?

    Correct Answer: D

    To find the reason for a session failover for a session that has already ended in PAN-OS SD-WAN, you should look in the Traffic Logs. Traffic Logs contain detailed records of the traffic that has passed through the firewall, and they include information about sessions, including failovers and the conditions that caused them. System Logs generally contain information about system events and hardware failures, and the Session Browser is used for active sessions, making Traffic Logs the most appropriate place to check for this information.

Discussion
mysteryzjoker Option: D

I also think D. Traffic logs are for closed sessions, session browser for open.

west33637 Option: D

I believe the answer here is D. Traffic logs. Refer to the documentation link below; you can see that the link switches, and all SD-WAN cluster logs are found in the firewall's traffic logs. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields#idbe18d2d4-9eb8-4966-bec8-df3a6de70e66

Chiquitabandita Option: A

System logs display entries for each system event on the firewall. Each entry includes the date and time, event severity, and event description. The following table summarizes the System log severity levels. For a partial list of System log messages and their corresponding severity levels, refer to System Log Events.

SEVERITY: Critical
DESCRIPTION: Hardware failures, including high availability (HA) failover and link failures.

https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/system-logs#id8edbfdae-ed92-4d8e-ab76-6a38f96e8cb1

Nawda Option: D

Link Switches (link_switches): Contains up to four link flap entries, with each entry containing the link name, link tag, link type, physical interface, timestamp, bytes read, bytes written, link health, and link flap cause. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields#idbe18d2d4-9eb8-4966-bec8-df3a6de70e66:~:text=link%20health%2C%20and-,link%20flap%20cause.,-SD%2DWAN%20Cluster

thissiteisgreat Option: D

D is the answer

dgonz Option: A

System logs contain subtype routing... basically shows failover logs... could be A

lildevil Option: C

They have it correct at C. The system logs will not tell you "the reason for a session failover" which is what the question asks.

Nicolao Option: A

Why not A? How can you find the "reason" for a failover in the traffic logs?

confusion Option: D

D is the answer I think, sessions may failover on different paths based on the traffic distribution profiles: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/configure-sd-wan/sd-wan-traffic-distribution-profiles

west33637 Option: D

C cannot be correct. I do not see the correct answer in here, but not sure if the traffic logs can reveal this information. According to documentation, the failover reason can be found in (Panorama - SD-WAN - Monitoring). Here's the link - check out step 6 - https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/troubleshooting/troubleshoot-app-performance
