https://live.paloaltonetworks.com/t5/next-generation-firewall/allow-dark-trace-rst-packets/m-p/588653#M3254 <P>Hello,</P> <P>Check the unified logs and see the information as to why the DT packets are being dropped. Then create a security policy to allow that type of traffic. Might have to disable some security features on the security policy to allow this.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 03 Jun 2024 21:54:06 GMT OtakarKlier 2024-06-03T21:54:06Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allow-dark-trace-rst-packets/m-p/588651#M3253 <P>We have a 5220 at the core of our network making east / west decisions between LAN segments and dark trace (DT) appliance. I currently have the DT appliance configured to take autonomous action with DT respond.&nbsp; One of the ways DT enforces this is by sending TCP RST packets to the "infected pc," by spoofing the source and/or destination IP address. As you can imagine, this gets dropped as soon as it hits the PA gateway interface and never reaches the destination PC.</P> <P>Is there a way to allow an exception just for the Dark Trace appliance to send RST packets (from spoofed IP) to any LAN segment through the PA?&nbsp;</P> Mon, 03 Jun 2024 21:50:41 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allow-dark-trace-rst-packets/m-p/588651#M3253 dkordyban 2024-06-03T21:50:41Z https://live.paloaltonetworks.com/t5/next-generation-firewall/allow-dark-trace-rst-packets/m-p/588653#M3254 <P>Hello,</P> <P>Check the unified logs and see the information as to why the DT packets are being dropped. Then create a security policy to allow that type of traffic. Might have to disable some security features on the security policy to allow this.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 03 Jun 2024 21:54:06 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/allow-dark-trace-rst-packets/m-p/588653#M3254 OtakarKlier 2024-06-03T21:54:06Z