Cloud NGFW for Azure Decryption Log Fields
Updated on
Wed Nov 13 00:55:16 UTC 2024
| Field Name | Description |
| --- | --- |
| Source IP Address (src_ip) | Original session source IP address. |
| Source Port (sport) | Source port utilized by the session. |
| Destination Address (dst) | Original session destination IP address. |
| Destination Port (dport) | Destination port utilized by the session. |
| IP Protocol (proto) | IP protocol associated with the session. |
| Application (app) | Application associated with the session. |
| Rule (rule) | Security policy rule that controls the session traffic. |
| Action (action) | Action taken for the session. Possible values are: allow (session was allowed by policy); deny (session was denied by policy); reset both (session was terminated and a TCP reset was sent to both sides of the connection); reset client (session was terminated and a TCP reset was sent to the client); reset server (session was terminated and a TCP reset was sent to the server). |
| TLS Version (tls_version) | The version of the TLS protocol used for the session. |
| Key Exchange Algorithm (tls_keyxchg) | The key exchange algorithm used for the session. |
| Encryption Algorithm (tls_enc) | The algorithm used to encrypt the session data, such as AES-128-CBC, AES-256-GCM, etc. |
| Hash Algorithm (tls_auth) | The authentication algorithm used for the session, for example, SHA, SHA256, SHA384, etc. |
| Elliptic Curve (ec_curve) | The elliptic curve that the client and server negotiate and use for connections that use ECDHE cipher suites. |
| Server Name Indication (server_name_indication) | The Server Name Indication. |
| Server Name Indication Length (server_name_indication_length) | The length of the Server Name Indication (hostname). |
| Proxy Type (proxy_type) | The Decryption proxy type, such as Forward for Forward Proxy, Inbound for Inbound Inspection, No Decrypt for undecrypted traffic, GlobalProtect, etc. |
| Chain Status (chain_status) | Whether the certificate chain is trusted. Values are: Uninspected, Untrusted, Trusted, Incomplete. |
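An added example, not part of the Palo Alto Networks documentation: triage over decryption log records that flags allowed sessions with an untrusted or incomplete chain, allowed sessions that were not decrypted, CBC-mode ciphers and a bare SHA MAC. It assumes each record is already parsed into a dict keyed by the field names above; the function names, the sample records and the reading of `SHA` as SHA-1 are assumptions.

```python
from collections import defaultdict

# Field names and enumerated values are taken from the table above. The
# dict-per-record layout and the SAMPLE records are constructed assumptions.
BAD_CHAIN = {"untrusted", "incomplete"}

def triage(record):
    """Return hygiene findings for one decryption log record (a dict)."""
    action = record.get("action", "").strip().lower()
    chain = record.get("chain_status", "").strip().lower()
    proxy = record.get("proxy_type", "").strip().lower()
    enc_parts = record.get("tls_enc", "").upper().split("-")
    mac = record.get("tls_auth", "").strip().upper()
    findings = []
    if action == "allow" and chain in BAD_CHAIN:
        findings.append(f"allowed with {chain} certificate chain")
    if action == "allow" and proxy == "no decrypt":
        findings.append("allowed without decryption")
    if "CBC" in enc_parts:
        findings.append("CBC-mode cipher negotiated")
    if mac == "SHA":  # assumption: bare "SHA" means SHA-1, as in cipher-suite names
        findings.append("SHA-1 MAC negotiated")
    return findings

def report(records):
    """Group findings by (SNI or destination IP, destination port)."""
    grouped = defaultdict(set)
    for rec in records:
        host = rec.get("server_name_indication") or rec.get("dst", "unknown")
        for finding in triage(rec):
            grouped[(host, rec.get("dport"))].add(finding)
    return {key: sorted(vals) for key, vals in grouped.items()}

SAMPLE = [  # constructed records, documentation address ranges only
    {"src_ip": "192.0.2.10", "dst": "198.51.100.7", "dport": 443, "action": "allow",
     "tls_enc": "AES-256-GCM", "tls_auth": "SHA384", "proxy_type": "Forward",
     "chain_status": "Trusted", "server_name_indication": "app.example.com"},
    {"src_ip": "192.0.2.11", "dst": "203.0.113.20", "dport": 443, "action": "allow",
     "tls_enc": "AES-128-CBC", "tls_auth": "SHA", "proxy_type": "Forward",
     "chain_status": "Untrusted", "server_name_indication": "legacy.example.net"},
    {"src_ip": "192.0.2.12", "dst": "203.0.113.30", "dport": 8443, "action": "allow",
     "proxy_type": "No Decrypt", "chain_status": "Uninspected",
     "server_name_indication": ""},
    {"src_ip": "192.0.2.13", "dst": "203.0.113.40", "dport": 443, "action": "deny",
     "tls_enc": "AES-128-CBC", "tls_auth": "SHA256", "proxy_type": "Inbound",
     "chain_status": "Incomplete", "server_name_indication": "shop.example.org"},
]

if __name__ == "__main__":
    for key, findings in report(SAMPLE).items():
        print(key, findings)
```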