https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553206#M1695 <P>Please update ?</P> Thu, 10 Aug 2023 07:43:10 GMT sidhardhatech 2023-08-10T07:43:10Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552522#M1655 <P>One URL does not access on browser, it shows error timed out. PA-3220 we are using.</P> <P class="x_MsoNormal" aria-hidden="true">&nbsp;</P> <P class="x_MsoNormal">1. Create one test rule - Where you allow everything&nbsp;for one source only.</P> <P class="x_MsoNormal">2. Clone the test rule and deny the "Quic" application there and put it above the test rule.</P> <P class="x_MsoNormal">&nbsp;</P> <P class="x_MsoNormal">But it is not working.</P> <P class="x_MsoNormal">&nbsp;</P> <P class="x_MsoNormal">please help me for this</P> Fri, 04 Aug 2023 05:35:39 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552522#M1655 sidhardhatech 2023-08-04T05:35:39Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552720#M1674 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307553">@sidhardhatech</a>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN>Did you see the traffic is denied by the firewall due to the rule that you have created to deny the 'Quic' application? Are you able to access the URL with just the 'allow everything' rule? If the URL traffic matched to Quic application then as per your policy it will be denied hence the user won't be able to access it. You may try to narrow down it by looking into the traffic/threat/URL Filtering logs.</SPAN></P> Mon, 07 Aug 2023 03:04:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552720#M1674 akuzhuppilly 2023-08-07T03:04:19Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552757#M1676 <P>we created test policy 1st rule in top of policy , any to any. Url is pinging but not opening in browser.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="sidhardhatech_0-1691404627115.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/52576iB25A6B9B5B7D8173/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="sidhardhatech_0-1691404627115.png" alt="sidhardhatech_0-1691404627115.png" /></span></P> <P>&nbsp;</P> Mon, 07 Aug 2023 10:37:25 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552757#M1676 sidhardhatech 2023-08-07T10:37:25Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552794#M1677 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307553">@sidhardhatech</a>&nbsp;,</P> <P>&nbsp;</P> <P>Is the issue specific to a particular URL or affecting all traffic?</P> <P>Have you enabled SSL decryption in the firewall?</P> <P>Are you able to access the URL(s) when the firewall is bypassed?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 07 Aug 2023 15:21:19 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552794#M1677 akuzhuppilly 2023-08-07T15:21:19Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552865#M1678 <P>sorry for late reply</P> <P>&nbsp;</P> <P>1. paritcular url we facing this issue</P> <P>2. we are not using any decryption policy.</P> <P>3. we have access the url , firewall is bypassing it.</P> <P>The url is pinging in browser and In traffic logs it allow ping only.</P> <P>&nbsp;</P> <P>Please share any document or any solution for this.</P> Tue, 08 Aug 2023 04:44:07 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/552865#M1678 sidhardhatech 2023-08-08T04:44:07Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553206#M1695 <P>Please update ?</P> Thu, 10 Aug 2023 07:43:10 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553206#M1695 sidhardhatech 2023-08-10T07:43:10Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553241#M1698 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/307553">@sidhardhatech</a>&nbsp;<BR /><BR />Sorry, didn't get you fully - What do you mean by "<SPAN>The url is pinging in browser and In traffic logs it allow ping only." ?</SPAN></P> <P>&nbsp;</P> <P><SPAN>I would recommend you to confirm below things -</SPAN></P> <P>&nbsp;</P> <P><SPAN>1. What are the traffic logs for the URL when accessed from the browser ? Is it matching desired security policy ?</SPAN></P> <P><SPAN>2. Also if you have any security profiles attached to the security policy, kindly verify respective logs also for the web traffic.</SPAN></P> <P><SPAN>3. Did you tried to take packet capture for the web traffic? Packet capture will give you more clarity.</SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 10 Aug 2023 11:54:41 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553241#M1698 SutareMayur 2023-08-10T11:54:41Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553467#M1708 <P>while we are checking Pcap in Wireshark, we found tcp RST.&nbsp;</P> <P>problem is not solved</P> <P>&nbsp;</P> Fri, 11 Aug 2023 11:07:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553467#M1708 sidhardhatech 2023-08-11T11:07:14Z https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553468#M1709 <P>while we are checking Pcap in Wireshark, we found tcp RST.&nbsp;</P> <P>problem is not solved</P> Fri, 11 Aug 2023 11:07:48 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/web-access-issue/m-p/553468#M1709 sidhardhatech 2023-08-11T11:07:48Z