After you configure log
forwarding to Log Collectors, managed firewalls open a TCP connection
to all configured Log Collectors. These connections timeout every
sixty (60) seconds and do not indicate that the firewall has lost
connection to the Log Collectors. When you configure log forwarding
to a local or Dedicated Log Collector over a
supported ethernet
interface, the firewall traffic logs show
incomplete
sessions
despite the firewall being able to successfully connect to the Log
Collectors. If you configure log forwarding over the management
port, no traffic logs showing
incomplete
sessions
are generated. Traffic logs showing
incomplete
sessions
are generated by all firewalls except for the PA-5200 and PA-7000
series firewalls.