Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
Given the screenshot, what are two correct statements about the logged traffic? (Choose two.)
The logged traffic indicates that the web session was allowed but ended due to a threat, as seen in the 'SESSION END REASON' column. This suggests that the traffic was denied by a security profile, addressing potential threats detected during the session. Additionally, the 'APPLICATION' column indicates web browsing over port 443, which infers that the web session involved HTTPS traffic, likely decrypted for inspection. This aligns with the provided setup where the 'FROM ZONE' is 'LAN' and the 'TO ZONE' is 'Internet', indicating typical web traffic inspection and filtering.
Entries for traffic that matches the URL Filtering profile attached to a security policy rule- will show as url Entries generated when traffic matches one of the Security Profiles attached to a security rule on the firewall- it will show as threat
The session was decrypted because you can see web-browsing over port 443 The traffic was denied by a security profile https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCQlCAO
How to read that it was decrypted? There are some 443 traffic not decrypted..
B and D are correct
for URL Filtering, the type of logs is not traffic i believe
BD seem better answer
How can I read that the traffic was denied?
Nevermind, it's "Session end reason"
B and D are correct.