After you configure log forwarding to Log Collectors,
managed firewalls open a TCP connection to all configured Log Collectors.
These connections timeout every sixty (60) seconds and do not indicate
that the firewall has lost connection to the Log Collectors. When
you configure log forwarding to a local or Dedicated Log Collector over
a
supported ethernet
interface, the firewall traffic logs show
incomplete
sessions
despite the firewall being able to successfully connect to the Log
Collectors. If you configure log forwarding over the management
port, no traffic logs showing
incomplete
sessions
are generated. Traffic logs showing
incomplete
sessions
are generated by all firewalls except for the PA-5200 and PA-7000
series firewalls.