topic Windows 10 browsing issues in General Topics
https://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/166151#M53277
<P>We have a continuing issue with Windows 10 machines browsing SSL sites that are decrypted. We've had a ticket open for a couple weeks with no solution. It is intermittent and random, we cannot create the issue at will. Tech Support has verified Decryption Policy and Profiles are correct. You can see it happening in the Traffic Logs. The user will be browsing using the Rule for their browsing category. You can see their User-ID, then the next minute the Rule will change to a different one and the User-ID disappears from the log. About 10 minutes later, boom, it reappears and starts working again. I don't want to turn off Decryption, but this is going to make me lose my job! Any community ideas?</P>Wed, 12 Jul 2017 16:40:19 GMTkmullen2017-07-12T16:40:19ZWindows 10 browsing issues
Re: Windows 10 browsing issues
https://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/166168#M53278
<P><LI-USER uid="64960"></LI-USER>,</P><P>I think you're trying to correlate two items that don't appear to be connected. Could you share the logs so that we can actually look at those?</P><P>Depending on your security policy it would make sense that if you dropped user-id you would move to a different rule. The fact that you can't replicate it and it happens randomly kinda sounds more like your users are having their user-ids age-out and your policy switches them to another rule that may/not actually have the same decryption policies applied to it. </P><P>I would be highly suspicious that SSL decryption has anything to do with user-id disappearing. </P>Wed, 12 Jul 2017 17:23:32 GMThttps://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/166168#M53278BPry2017-07-12T17:23:32ZRe: Windows 10 browsing issues
https://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/166227#M53296
<P>Thanks for responding. I had support look and I was able to get them to agree that USER-ID was not working right. I have attached logs for user c07783. You can see at time 7/12/2017 11:51 she loses her User-ID. Later it comes back. During the transition any website she was on dies.</P><P> </P><TABLE><TBODY><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>23.203.225.2</TD><TD>23.203.225.2</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>web-browsing</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>142481</TD><TD>1</TD><TD>53728</TD><TD>80</TD><TD>63414</TD><TD>80</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>105512</TD><TD>8773</TD><TD>96739</TD><TD>151</TD><TD>########</TD><TD>2</TD><TD>news</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>79</TD><TD>72</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>192.243.232.36</TD><TD>192.243.232.36</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>web-browsing</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>69763</TD><TD>1</TD><TD>53876</TD><TD>80</TD><TD>10144</TD><TD>80</TD><TD>0x40001a</TD><TD>tcp</TD><TD>allow</TD><TD>2461</TD><TD>985</TD><TD>1476</TD><TD>9</TD><TD>########</TD><TD>0</TD><TD>computer-and-internet-info</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>6</TD><TD>3</TD><TD>tcp-rst-from-client</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 
11:51</TD><TD>10.30.106.52</TD><TD>192.243.232.36</TD><TD>192.243.232.36</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>web-browsing</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>121853</TD><TD>1</TD><TD>53877</TD><TD>80</TD><TD>2421</TD><TD>80</TD><TD>0x40001a</TD><TD>tcp</TD><TD>allow</TD><TD>2312</TD><TD>942</TD><TD>1370</TD><TD>9</TD><TD>########</TD><TD>0</TD><TD>computer-and-internet-info</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>6</TD><TD>3</TD><TD>tcp-rst-from-client</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>156.154.202.36</TD><TD>156.154.202.36</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>web-browsing</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>114700</TD><TD>1</TD><TD>53845</TD><TD>80</TD><TD>32299</TD><TD>80</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>1385</TD><TD>699</TD><TD>686</TD><TD>9</TD><TD>########</TD><TD>0</TD><TD>web-advertisements</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>4</TD><TD>5</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>23.203.225.2</TD><TD>23.203.225.2</TD><TD>Rule 46</TD><TD> </TD><TD> 
</TD><TD>web-browsing</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>36256</TD><TD>1</TD><TD>53734</TD><TD>80</TD><TD>4592</TD><TD>80</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>41320</TD><TD>4147</TD><TD>37173</TD><TD>62</TD><TD>########</TD><TD>1</TD><TD>news</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>32</TD><TD>30</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>13.64.113.158</TD><TD>13.64.113.158</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>58413</TD><TD>1</TD><TD>53766</TD><TD>443</TD><TD>13202</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>10254</TD><TD>2694</TD><TD>7560</TD><TD>23</TD><TD>########</TD><TD>0</TD><TD>SSL Problem Sites</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>13</TD><TD>10</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>13.64.113.158</TD><TD>13.64.113.158</TD><TD>Rule 46</TD><TD> </TD><TD> </TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>40561</TD><TD>1</TD><TD>53759</TD><TD>443</TD><TD>58502</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>10270</TD><TD>2694</TD><TD>7576</TD><TD>23</TD><TD>########</TD><TD>0</TD><TD>SSL Problem 
Sites</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>13</TD><TD>10</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>40.118.160.210</TD><TD>40.118.160.210</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>171214</TD><TD>1</TD><TD>53709</TD><TD>443</TD><TD>38116</TD><TD>443</TD><TD>0x140001c</TD><TD>tcp</TD><TD>allow</TD><TD>5162</TD><TD>1140</TD><TD>4022</TD><TD>15</TD><TD>########</TD><TD>24</TD><TD>internet-portals</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>9</TD><TD>6</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>23.203.225.21</TD><TD>23.203.225.21</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>9864</TD><TD>1</TD><TD>53696</TD><TD>443</TD><TD>9982</TD><TD>443</TD><TD>0x140001c</TD><TD>tcp</TD><TD>allow</TD><TD>5405</TD><TD>1030</TD><TD>4375</TD><TD>20</TD><TD>########</TD><TD>20</TD><TD>internet-portals</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>8</TD><TD>12</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:51</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:51</TD><TD>10.30.106.52</TD><TD>23.213.151.213</TD><TD>23.213.151.213</TD><TD>ATY 
Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>188652</TD><TD>1</TD><TD>53701</TD><TD>443</TD><TD>6034</TD><TD>443</TD><TD>0x40001a</TD><TD>tcp</TD><TD>allow</TD><TD>6888</TD><TD>1125</TD><TD>5763</TD><TD>23</TD><TD>########</TD><TD>14</TD><TD>business-and-economy</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>13</TD><TD>10</TD><TD>tcp-rst-from-client</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:50</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:50</TD><TD>10.30.106.52</TD><TD>131.253.61.98</TD><TD>131.253.61.98</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>60631</TD><TD>1</TD><TD>53706</TD><TD>443</TD><TD>36708</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>12272</TD><TD>5094</TD><TD>7178</TD><TD>22</TD><TD>########</TD><TD>1</TD><TD>SSL Problem Sites</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>13</TD><TD>9</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:50</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:50</TD><TD>10.30.106.52</TD><TD>131.253.61.98</TD><TD>131.253.61.98</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>117319</TD><TD>1</TD><TD>53705</TD><TD>443</TD><TD>8985</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>13147</TD><TD>5953</TD><TD>7194</TD><TD>21</TD><TD>########</TD><TD>0</TD><TD>SSL Problem 
Sites</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>12</TD><TD>9</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:50</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:50</TD><TD>10.30.106.52</TD><TD>168.61.170.80</TD><TD>168.61.170.80</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>224602</TD><TD>1</TD><TD>53665</TD><TD>443</TD><TD>38594</TD><TD>443</TD><TD>0x40001b</TD><TD>tcp</TD><TD>allow</TD><TD>8420</TD><TD>1540</TD><TD>6880</TD><TD>17</TD><TD>########</TD><TD>119</TD><TD>SSL Problem Sites</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>8</TD><TD>9</TD><TD>tcp-rst-from-server</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:40</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:40</TD><TD>10.30.106.52</TD><TD>192.150.19.174</TD><TD>192.150.19.174</TD><TD>ATY Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>255638</TD><TD>1</TD><TD>53656</TD><TD>443</TD><TD>9237</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>2255</TD><TD>980</TD><TD>1275</TD><TD>17</TD><TD>########</TD><TD>0</TD><TD>computer-and-internet-info</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>7</TD><TD>10</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR><TR><TD>1</TD><TD>7/12/2017 11:40</TD><TD>1801046497</TD><TD>TRAFFIC</TD><TD>end</TD><TD>1</TD><TD>7/12/2017 11:40</TD><TD>10.30.106.52</TD><TD>192.150.19.174</TD><TD>192.150.19.174</TD><TD>ATY 
Technology</TD><TD>mis1\c07783</TD><TD>ssl</TD><TD>vsys1</TD><TD>INSIDE</TD><TD>OUTSIDE</TD><TD>ethernet1/2</TD><TD>ethernet1/1</TD><TD>########</TD><TD>23908</TD><TD>1</TD><TD>53655</TD><TD>443</TD><TD>1876</TD><TD>443</TD><TD>0x40001c</TD><TD>tcp</TD><TD>allow</TD><TD>2123</TD><TD>908</TD><TD>1215</TD><TD>16</TD><TD>########</TD><TD>0</TD><TD>computer-and-internet-info</TD><TD>0</TD><TD>3.46E+08</TD><TD>0x0</TD><TD>10.0.0.0-10.255.255.255</TD><TD>0</TD><TD>7</TD><TD>9</TD><TD>tcp-fin</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD>0</TD><TD> </TD><TD>from-policy</TD></TR></TBODY></TABLE>Wed, 12 Jul 2017 21:30:19 GMThttps://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/166227#M53296kmullen2017-07-12T21:30:19ZRe: Windows 10 browsing issues
https://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/167480#M53482
<P>Support had me deactivate Agentless User-ID and install and configure Agent-ID software on several servers. This has been running for about a week, and so far, no one has reported the browsing issues that were plaguing us. </P>Thu, 20 Jul 2017 15:18:52 GMThttps://live.paloaltonetworks.com/t5/general-topics/windows-10-browsing-issues/m-p/167480#M53482kmullen2017-07-20T15:18:52Z
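Added example (not part of the thread and not Palo Alto Networks code): a Python check that scans exported traffic-log rows for the pattern discussed above, a source IP that had a User-ID mapping, then matches a different rule with an empty user field, and reports how long the mapping was missing. The column names (`time`, `src`, `rule`, `srcuser`), the timestamp format and the sample rows are assumptions constructed for illustration; only the two rule names are taken from the posted log.

```python
import csv
import io
from datetime import datetime

# Constructed sample export (not the poster's data). Column names are
# assumptions; map them to the headers of your own traffic-log export.
SAMPLE = """time,src,rule,srcuser
2017-07-12 11:40:10,10.0.0.5,ATY Technology,corp\\alice
2017-07-12 11:50:30,10.0.0.5,ATY Technology,corp\\alice
2017-07-12 11:51:00,10.0.0.5,Rule 46,
2017-07-12 11:55:40,10.0.0.5,Rule 46,
2017-07-12 12:01:30,10.0.0.5,ATY Technology,corp\\alice
2017-07-12 11:45:00,10.0.0.9,Rule 46,
2017-07-12 11:52:00,10.0.0.9,Rule 46,
"""

def find_userid_gaps(csv_text):
    """Return one dict per interval in which a source IP that previously had
    a user mapping appears in the log with an empty user field."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for r in rows:
        r["ts"] = datetime.strptime(r["time"], "%Y-%m-%d %H:%M:%S")
    rows.sort(key=lambda r: (r["src"], r["ts"]))

    gaps, last_known, open_gap = [], {}, {}
    for r in rows:
        src, user = r["src"], r["srcuser"].strip()
        if user:
            gap = open_gap.pop(src, None)
            if gap:  # mapping came back: close the interval
                gap["restored"] = r["ts"]
                gap["minutes"] = round((r["ts"] - gap["lost"]).total_seconds() / 60, 1)
            last_known[src] = (user, r["rule"])
        elif src in last_known and src not in open_gap:
            # First unmapped session after a mapped one: the drop itself.
            user_before, rule_before = last_known[src]
            gap = {"src": src, "user": user_before, "rule_before": rule_before,
                   "rule_during": r["rule"], "lost": r["ts"],
                   "restored": None, "minutes": None}
            open_gap[src] = gap
            gaps.append(gap)
    return gaps

if __name__ == "__main__":
    for g in find_userid_gaps(SAMPLE):
        print(f'{g["src"]} {g["user"]}: {g["rule_before"]} -> {g["rule_during"]} '
              f'at {g["lost"]}, unmapped for {g["minutes"]} min')
```

Hosts that never had a mapping in the export (10.0.0.9 in the sample) are not reported, which separates a mapping that dropped from a host that was simply never identified.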