Distributed Cloud Firewall Logging

• Feature: Configurable session-level logging with start/end options
• New Attributes: Duration, traffic size, stage indicators
• Terraform and API Support: log_profile field introduced
• UI Update: Log dropdown in DCF Policies tab

​

Key Features

• Flexible Logging Points: Log at Start (existing), Log at End (new), Log at Start & End (new), or Off
• Start/End Time: Precise timestamps for session lifecycle
• Duration: Total session length
• Stage: Indicates session phase (start or end)
• Request/Response Bytes (Layer 7): Application-level traffic size
• Transmitted Bytes/Packets (Layer 3): Network-level traffic metrics
• API and Terraform Support: New log_profile field in policy resources with predefined profiles: start, end, start_end, off

​

Accessing DCF Logging Settings through CoPilot UI

​

Logging Options

• Log at Start: Captures session initiation details
• Log at End: Captures session termination details, including duration and traffic size
• Log at Start & End: Provides full lifecycle visibility
• Off: Disables logging for the rule

​

Benefits

• Control: Choose when transactions are logged for better flexibility
• Insight: Start logging provides quick enforcement visibility; End logging provides detailed traffic patterns (duration, size)
• Operational Efficiency: Richer logs for troubleshooting and compliance
• Future-Ready: Log profiles can evolve to include advanced features (e.g., anomaly detection)
• Improved Security Monitoring: Detect anomalies and policy violations
• Better Compliance Reporting: Capture complete session details for audits
• Enhanced Troubleshooting: Diagnose complex traffic flows with full lifecycle data

​

Configure DCF Logging

​

Configure DCF Logging on CoPilot

1. Navigate to Security > Distributed Cloud Firewall > Policies
2. Edit or create a policy rule.
3. In the Log dropdown, select: Start, End, Start & End, or Off.
4. Save changes and validate via Traffic Logs.

​

Configure DCF Logging with Terraform as an Example