https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12165#M8918 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try creating a new Zone Protection profile (in Network -&gt; Network Profiles).</P><P></P><P>In the new profile set the "Reject Non-SYN TCP" to no.</P><P></P><P>Apply this zone profile to your zone - sorry can't remember if it will be the internal or external zone!</P></BODY></HTML> Thu, 14 Aug 2014 13:23:43 GMT ajbool 2014-08-14T13:23:43Z https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12164#M8917 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I've deployed PA-500 recently, and I'm experiencing an interesting situation.</P><P>PA-500 is deployed in virtual-wire, and I'm filtering only my main ISP connection (ISP 1). The connection for ISP 2 goes directly to the router.</P><P>We have a web server, which accepts requests from users through ISP2, and replies back but the router sends the replies through ISP1 (as it is the default connection). This returned traffic is block from PA-500, even though I applied a policy rule to allow everything from inside to outside.</P><P></P><P>Please if you can provide a solution to this issue.</P><P></P><P>Below is a diagram visualizing the problem.</P><P></P><P><IMG alt="" class="image-0 jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/14963_pastedImage_0.png" style="max-width: 1200px; max-height: 900px;" /></P></BODY></HTML> Thu, 14 Aug 2014 13:19:37 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12164#M8917 Besfort 2014-08-14T13:19:37Z https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12165#M8918 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Try creating a new Zone Protection profile (in Network -&gt; Network Profiles).</P><P></P><P>In the new profile set the "Reject Non-SYN TCP" to no.</P><P></P><P>Apply this zone profile to your zone - sorry can't remember if it will be the internal or external zone!</P></BODY></HTML> Thu, 14 Aug 2014 13:23:43 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12165#M8918 ajbool 2014-08-14T13:23:43Z https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12166#M8919 <HTML><HEAD></HEAD><BODY><P>Thanks a lot ajbool, it is working <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" />. I had to apply it on the internal zone.</P><P></P><P>Regards,</P><P>-B</P></BODY></HTML> Thu, 14 Aug 2014 14:42:14 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-blocking-returned-traffic/m-p/12166#M8919 Besfort 2014-08-14T14:42:14Z