https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27764#M20240 <HTML><HEAD></HEAD><BODY><P>Hi Steven,</P><P></P><P>not for this traffic.</P></BODY></HTML> Mon, 26 Jan 2015 11:53:34 GMT Jakub_Kopka 2015-01-26T11:53:34Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27762#M20238 <HTML><HEAD></HEAD><BODY><P>Hey folks,</P><P></P><P>I've run into a following issue. We have a Juniper MAG box communicating with a web server and a rule in place allowing this communication (source Juniper, destination any production IP, on any port). I can also see in the traffic log that the communication is accepted. However when I did a packet capture on the FW I saw the following:</P><P>Receiving capture:</P><P><IMG alt="PA_recv.jpg" class="image-0 jive-image" height="78" src="https://live.paloaltonetworks.com/legacyfs/online/18002_PA_recv.jpg" style="height: 78px; width: 912.452830188679px;" width="912" /></P><P>Transmitting capture:</P><P><IMG alt="PA_transm.jpg" class="image-1 jive-image" height="87" src="https://live.paloaltonetworks.com/legacyfs/online/18003_PA_transm.jpg" style="height: 87px; width: 914.237288135593px;" width="914" /></P><P></P><P>Any idea why is this happening or what I am missing?</P><P></P><P>Thanks</P></BODY></HTML> Mon, 26 Jan 2015 11:18:13 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27762#M20238 Jakub_Kopka 2015-01-26T11:18:13Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27763#M20239 <HTML><HEAD></HEAD><BODY><P>On the monitor tab, filter the threat logs and the url logs for these ip addresses and see if there are any hits.</P></BODY></HTML> Mon, 26 Jan 2015 11:50:35 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27763#M20239 pulukas 2015-01-26T11:50:35Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27764#M20240 <HTML><HEAD></HEAD><BODY><P>Hi Steven,</P><P></P><P>not for this traffic.</P></BODY></HTML> Mon, 26 Jan 2015 11:53:34 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27764#M20240 Jakub_Kopka 2015-01-26T11:53:34Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27765#M20241 <HTML><HEAD></HEAD><BODY><P>Then I would open a support case.&nbsp; When the PA generates a reset we should have a log from the process that is creating the reset.</P><P></P><P>Here your policy, threat and url logs are clean so it would appear that this is a bug that needs to be investigated.</P></BODY></HTML> Mon, 26 Jan 2015 11:56:35 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27765#M20241 pulukas 2015-01-26T11:56:35Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27766#M20242 <HTML><HEAD></HEAD><BODY><P>Hi Jakub</P><P></P><P>Are you running AppID version 482-2533? Try rolling back to a previous version, we had a similar issue</P><P></P><P>Cheers</P></BODY></HTML> Tue, 27 Jan 2015 02:55:58 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27766#M20242 SteveMc 2015-01-27T02:55:58Z https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27767#M20243 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks. This has helped.</P><P></P><P>edit:</P><P>It's a bug - should be fixed in PanOS 6.1.3 with the AppID 482.</P></BODY></HTML> Tue, 27 Jan 2015 05:38:14 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-sending-tcp-rst/m-p/27767#M20243 Jakub_Kopka 2015-01-27T05:38:14Z