https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228505#M124230 <P>Well when the user connects via the US gateways the traffic doesn't work however it works via the UK gateway. Thats the only way I can the tell something is up with the US gateway.</P> <P>The intrusive option is the last resort I rather not go that route as its excessive to do that while no other traffic is impacted. It doesn't fly when you explain it to others.</P> Thu, 08 May 2025 14:45:28 GMT G.Varkey 2025-05-08T14:45:28Z https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228499#M124226 <P>No blocks observed but US gateways are dropping the traffic going to ohio.gov were as the UK gateway it works. The logs do not show any blocks. Any ideas how to troubleshoot would be helpful. Opened a TAC case however its dragging out for 3 days now</P> Thu, 08 May 2025 14:24:24 GMT https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228499#M124226 G.Varkey 2025-05-08T14:24:24Z https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228502#M124228 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/152302069">@G.Varkey</a>&nbsp;wrote:<BR /> <P>No blocks observed but US gateways are dropping the traffic going to ohio.gov were as the UK gateway it works. The logs do not show any blocks. Any ideas how to troubleshoot would be helpful. Opened a TAC case however its dragging out for 3 days now</P> <HR /></BLOCKQUOTE> <P>How do you know the gateways are dropping the traffic?&nbsp;</P> <P>&nbsp;</P> <P>It sounds like one potential might be an IP protection thing happening in CF against the US GW IPs?&nbsp; As subscribers to the Prisma service we have no access to the virtual FWs so the only way to diagnose the potential "dropping" issue is for TAC to do analysis on the infra.</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>--edit--</P> <P>This would be a VERY intrusive option, but you could remove your US gateways from deployment 1 at a time, then redeploy them.&nbsp; This would create new IPs for the gateways in the deployed regions.&nbsp; Doing so would be a very direct way to see if it's an IP issue.&nbsp; This drastic of a step could potentially mean disruption of services though if your current GW IPs are used in an allow list for things like MFA or some other public service.</P> Thu, 08 May 2025 14:41:40 GMT https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228502#M124228 Brandon_Wertz 2025-05-08T14:41:40Z https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228505#M124230 <P>Well when the user connects via the US gateways the traffic doesn't work however it works via the UK gateway. Thats the only way I can the tell something is up with the US gateway.</P> <P>The intrusive option is the last resort I rather not go that route as its excessive to do that while no other traffic is impacted. It doesn't fly when you explain it to others.</P> Thu, 08 May 2025 14:45:28 GMT https://live.paloaltonetworks.com/t5/general-topics/strata-cloud-manager-gateway-traffic-on-cloudfront-net-failing/m-p/1228505#M124230 G.Varkey 2025-05-08T14:45:28Z