Limitations of Connection Logging

You cannot log:

  • The outer session of a plaintext, passthrough tunnel whose encapsulated connections are inspected by access control.

  • TCP connections if the three-way handshake is not completed, to avoid denial-of-service attacks against your firewalls. To monitor or debug failed connections, you can use the packet capture feature (Packet Capture Overview).