A firewall administrator uses Panorama to manage a fleet of firewalls. After successfully onboarding the firewalls to Strata Logging Service and enabling cloud logging via a template, the security operations team reports that they can no longer see new logs on the on-premises Panorama log collectors. Logs are appearing correctly in Strata Logging Service. Which setting was likely missed in the Panorama template configuration? (Choose one answer)

A. The device certificates for the Panorama log collectors were not renewed after enabling the cloud logging connection.
B. Duplicate logging (cloud and on-premises) is disabled under Device → Setup → Management.
C. The Log Forwarding profile was modified to send logs only to the Strata Logging Service and no longer includes the on-premises Panorama log collectors.
D. The Panorama log collectors were not defined as primary destinations within the collector group configuration for the managed firewalls.

Correct Answer: B

Brave-Dump Clients Votes

B 100%

Comments

Ayesha 2026-01-24 19:10:03

Selected Answers: B

Correct answer is B

When you onboard a firewall to the Strata Logging Service (SLS), the firewall is configured to send logs to the cloud. By default, or if not explicitly configured otherwise, the firewall may stop sending logs to the on-premises Panorama Log Collectors to save bandwidth and resources, assuming the cloud is now the primary storage.

To ensure logs are sent to both destinations simultaneously (Hybrid Logging), you must explicitly enable the Duplicate Logging feature in the Template configuration.

Why C is incorrect
Log Forwarding Profiles are typically used to tag traffic for forwarding to external systems (Syslog, Email, SNMP) or to define specific granularity. While they can control some forwarding, the system-level decision to send logs to Panorama vs. Cloud is handled in the Device Setup.