https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495827#M105094 <P>Hello,</P> <P>Its a permissions issue on the far side, eg not your firewall config.</P> <P>Regards,</P> Tue, 31 May 2022 15:50:02 GMT OtakarKlier 2022-05-31T15:50:02Z https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495768#M105093 <P>I've run into a strange issue with the following website&nbsp; <A href="https://dvir-prod.aws.drivecam.net" target="_blank" rel="noopener">https://dvir-prod.aws.drivecam.net</A>. When Users attempt to access it they are getting a 403 Forbidden. I'm not seeing an drops in the logs, and the packet captures don't point to anything either. I have to two 5520's in an HA pair and I forced the Active to Standby in the hops that it might help but no luck. Download the Tech Support file and uploaded it to the case I opened, but I haven't heard back on that. Access the site outside of the Company no issues.</P><P>&nbsp;</P><P>Any help would be greatly apricated.&nbsp;</P><P>&nbsp;</P><TABLE><TBODY><TR><TD>Software Version</TD><TD>10.1.5-h2</TD></TR></TBODY></TABLE> Tue, 31 May 2022 15:28:59 GMT https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495768#M105093 TedHaubein 2022-05-31T15:28:59Z https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495827#M105094 <P>Hello,</P> <P>Its a permissions issue on the far side, eg not your firewall config.</P> <P>Regards,</P> Tue, 31 May 2022 15:50:02 GMT https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495827#M105094 OtakarKlier 2022-05-31T15:50:02Z https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495861#M105099 <P>Works fine when I'm not behind the firewall. Spoke to the vendor and asked them if they needed to allow our public NAT address, and I was told no.</P> Tue, 31 May 2022 16:10:20 GMT https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/495861#M105099 TedHaubein 2022-05-31T16:10:20Z https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/496465#M105110 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/68158">@TedHaubein</a>,</P> <P>Do you see anything with the lytx.com domain on your firewall getting blocked that drives the authentication.&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/27580">@OtakarKlier</a>&nbsp;is correct, the firewall isn't feeding you a 403 error. It&nbsp;<EM>could&nbsp;</EM>be blocking something with the authentication process however that has the site defaulting to a 403 forbidden error. Assuming you've tried this from multiple different devices/browsers behind the firewall and can rule out a caching issue, look to see if you're blocking anything else related to Lytx.</P> <P>In situations like this I really recommend fully enabling logging and using a test client to blanket allow all traffic temporarily. If you can access the site perfectly fine under those conditions, you know it's an actual firewall issue and you can use the logs to see what the firewall is actually seeing from the client to narrow things down. More than likely, you're dropping&nbsp;<EM>something&nbsp;</EM>in the Lytx authentication process; that or this won't work with a blanket allow either and you have something else going on.&nbsp;</P> Wed, 01 Jun 2022 01:31:40 GMT https://live.paloaltonetworks.com/t5/general-topics/403-forbidden/m-p/496465#M105110 BPry 2022-06-01T01:31:40Z