An administrator has configured PAN-OS SD-WAN and has received a request to find out the reason for a session failover for a session that has already ended. Where would you find this in Panorama or firewall logs?
A.
System Logs
B.
Session Browser
C.
You cannot find failover details on closed sessions
System logs display entries for each system event on the firewall. Each entry includes the date and time, event severity, and event description. The following table summarizes the System log severity levels. For a partial list of System log messages and their corresponding severity levels, refer to System Log Events.
SEVERITY
DESCRIPTION
Critical
Hardware failures, including high availability (HA) failover and link failures.
https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/monitoring/view-and-manage-logs/log-types-and-severity-levels/system-logs#id8edbfdae-ed92-4d8e-ab76-6a38f96e8cb1
Link Switches (link_switches): Contains up to four link flap entries, with each entry containing the link name, link tag, link type, physical interface, timestamp, bytes read, bytes written, link health, and link flap cause.
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields#idbe18d2d4-9eb8-4966-bec8-df3a6de70e66:~:text=link%20health%2C%20and-,link%20flap%20cause.,-SD%2DWAN%20Cluster
D is the answer I think, sessions may failover on different paths based on the traffic distribution profiles: https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/configure-sd-wan/sd-wan-traffic-distribution-profiles
I believe the answer here is D. Traffic logs. Refer to the documentation link below, you can see that the link switches, and all SD-WAN cluster logs are found in the firewalls traffic logs. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields#idbe18d2d4-9eb8-4966-bec8-df3a6de70e66
C cannot be correct. I do not see the correct answer in here, but not sure if the traffic logs can reveal this information. According to documentation, the failover reason can be found in (Panorama - SD-WAN - Monitoring). Here's the link - check out step 6 - https://docs.paloaltonetworks.com/sd-wan/1-0/sd-wan-admin/troubleshooting/troubleshoot-app-performance
I believe the answer here is D. Traffic logs. Refer to the documentation link below, you can see that the link switches, and all SD-WAN cluster logs are found in the firewalls traffic logs. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/traffic-log-fields#idbe18d2d4-9eb8-4966-bec8-df3a6de70e66
upvoted 3 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
corpguy
1 day, 11 hours agohifire
3 months, 2 weeks agoSkyderAmzLee
5 months, 2 weeks agoChiquitabandita
11 months, 2 weeks agoNawda
1 year, 4 months agodgonz
1 year, 4 months agolildevil
1 year, 7 months agolildevil
1 year, 7 months agoNicolao
1 year, 8 months agothissiteisgreat
2 years, 1 month agoconfusion
2 years, 2 months agomysteryzjoker
2 years, 2 months agowest33637
2 years, 2 months agowest33637
2 years, 2 months agowest33637
2 years, 2 months ago