topic Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices in General Topics

University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

LucasStrom — Fri, 22 Jan 2021 15:16:03 GMT

Recently started receiving reports from students that they cannot download new games or updates for their installed apps on Playstation and are greeted with the error code mentioned in the subject. I have a case open with support, but I wanted to reach out to the community as well to see if any other University admins have dealt with the issue in the past and can share what they did to fix the issue. We are running PA 3020s on PAN-OS 9.0.11

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

BPry — Mon, 25 Jan 2021 04:14:27 GMT

@LucasStrom,

Are you attempting to decrypt this traffic or seeing any threats being identified on the device? The only time I've seen this error in the past was when a bad signature was released and the firewall was resetting the download request.

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

LucasStrom — Mon, 25 Jan 2021 14:57:13 GMT

Thank you for your response. Unfortunately, we are not yet decrypting SSL traffic. I have spent a while looking at the threat logs as suggested and I am not seeing being flagged from the client devices or inbound to our NAT address.

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

LucasStrom — Tue, 02 Feb 2021 19:07:39 GMT

For anyone that may encounter a similar issue in the future. In our case, it ended up being that we Disabled HTTP partial response in Device --> Setup --> Content-ID --> Content-ID Settings per recommendations from the BPA. After re-enabling the "Allow Partial HTTP Response option downloads were once again successful.

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

Z33Z — Thu, 09 Oct 2025 05:38:35 GMT

Confirming this does appear to be the reason. We were doing the same and end result was identical with regards to PlayStation downloads. Is there a middle ground here, or you just have to risk accept turning it off again? Considering the importance of turning the feature on, it's a little concerning the resulting reasoning is to allow Playstation to download software 😂

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

RH747 — Thu, 09 Oct 2025 13:54:24 GMT

You can create an app override if you have specific use-cases refer to the technical documentation for your PAN-OS version. Here's the link to the latest 12.1 documentation: Device > Setup > Content-ID

Entry from 10.2 doc:

Enable this HTTP partial response option to enable a client to fetch only part of a file. When a next-generation firewall in the path of a transfer identifies and drops a malicious file, it terminates the TCP session with an RST packet. If the web browser implements the HTTP Range option, it can start a new session to fetch only the remaining part of the file. This prevents the firewall from triggering the same signature again due to the lack of context into the initial session while, at the same time, allows the web browser to reassemble the file and deliver the malicious content; to prevent this, make sure to disable this option.

Allow HTTP partial response is enabled on the firewall by default. This provides maximum availability but increases the risk of a successful cyberattack. For maximum security, disable this option to prevent the web browser from starting a new session to fetch the rest of a file after the firewall terminates the original session due to malicious activity. Disabling HTTP partial response affects HTTP-based data transfers which use the RANGE header, which may cause service anomalies for certain applications. After you disable HTTP partial response, validate the operation of your business-critical applications.

If you experience HTTP data transfer disruption on a business-critical application, you can create an Application Override policy for that specific application. Because Application Override bypasses App-ID (including threat and content inspection), create an Application Override policy for only the specific business-critical application, and specify sources and destinations to limit the rule (principle of least privilege access). Do not create Application Override policy unless you must. For information about Application Override policies, refer to https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVLCA0.

Re: University Students Receiving (HTTP Status Code : 416) (CE-40862-0) On Playstation devices

johannes4711 — Tue, 14 Oct 2025 15:00:54 GMT

Great. Thanks for that. You've saved my life. 😉