https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/434961#M96027 <P>I have LinuxA (redhat 6.10) and LinuxB (CentOS 7.9) sitting in ZoneA accessing LinuxC (Ubuntu 20.x) sitting in ZoneB on http port without any NAT, jut routing and we have firewall rule to allow tcp port 80 (application ANY) for LinuxA and LinuB to communicate with LinuxC on tcp port 80.&nbsp; The PAN firewall is PA-5250 running PANOS 9.1.10</P><P>&nbsp;</P><P>From LinuxA, I use "curl -v -k <A href="http://LinuxC/rancid," target="_blank" rel="noopener">http://LinuxC/rancid,</A> I see the PAN firewall accepting the three way handshake, but after that it drops on the "get" as seen below:</P><P><SPAN>GET /rancid HTTP/1.1</SPAN></P><P><SPAN>User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2</SPAN></P><P><SPAN>Host: LinuxC</SPAN></P><P><SPAN>Accept: */*</SPAN></P><P>&nbsp;</P><P>Everything is working fine from LinuxB without any issues as seen below:</P><P>GET /rancid HTTP/1.1<BR />User-Agent: curl/7.29.0<BR />Host: LinuxC<BR />Accept: */*</P><P>HTTP/1.1 301 Moved Permanently<BR />Date: Fri, 17 Sep 2021 19:42:10 GMT<BR />Server: Apache/2.4.41 (Ubuntu)<BR />Location: <A href="http://LinuxC/rancid/" target="_blank" rel="noopener">http://LinuxC/rancid/</A><BR />Content-Length: 319<BR />Content-Type: text/html; charset=iso-8859-1</P><P>&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"&gt;<BR />&lt;html&gt;&lt;head&gt;<BR />&lt;title&gt;301 Moved Permanently&lt;/title&gt;<BR />&lt;/head&gt;&lt;body&gt;<BR />&lt;h1&gt;Moved Permanently&lt;/h1&gt;<BR />&lt;p&gt;The document has moved &lt;a href="<A href="http://LinuxC/rancid/" target="_blank" rel="noopener">http://LinuxC/rancid/</A>"&gt;here&lt;/a&gt;.&lt;/p&gt;<BR />&lt;hr&gt;<BR />&lt;address&gt;Apache/2.4.41 (Ubuntu) Server at LinuxC Port 80&lt;/address&gt;<BR />&lt;/body&gt;&lt;/html&gt;</P><P>&nbsp;</P><P>any ideas anyone?</P> Fri, 17 Sep 2021 20:48:10 GMT dtran 2021-09-17T20:48:10Z https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/434961#M96027 <P>I have LinuxA (redhat 6.10) and LinuxB (CentOS 7.9) sitting in ZoneA accessing LinuxC (Ubuntu 20.x) sitting in ZoneB on http port without any NAT, jut routing and we have firewall rule to allow tcp port 80 (application ANY) for LinuxA and LinuB to communicate with LinuxC on tcp port 80.&nbsp; The PAN firewall is PA-5250 running PANOS 9.1.10</P><P>&nbsp;</P><P>From LinuxA, I use "curl -v -k <A href="http://LinuxC/rancid," target="_blank" rel="noopener">http://LinuxC/rancid,</A> I see the PAN firewall accepting the three way handshake, but after that it drops on the "get" as seen below:</P><P><SPAN>GET /rancid HTTP/1.1</SPAN></P><P><SPAN>User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2</SPAN></P><P><SPAN>Host: LinuxC</SPAN></P><P><SPAN>Accept: */*</SPAN></P><P>&nbsp;</P><P>Everything is working fine from LinuxB without any issues as seen below:</P><P>GET /rancid HTTP/1.1<BR />User-Agent: curl/7.29.0<BR />Host: LinuxC<BR />Accept: */*</P><P>HTTP/1.1 301 Moved Permanently<BR />Date: Fri, 17 Sep 2021 19:42:10 GMT<BR />Server: Apache/2.4.41 (Ubuntu)<BR />Location: <A href="http://LinuxC/rancid/" target="_blank" rel="noopener">http://LinuxC/rancid/</A><BR />Content-Length: 319<BR />Content-Type: text/html; charset=iso-8859-1</P><P>&lt;!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"&gt;<BR />&lt;html&gt;&lt;head&gt;<BR />&lt;title&gt;301 Moved Permanently&lt;/title&gt;<BR />&lt;/head&gt;&lt;body&gt;<BR />&lt;h1&gt;Moved Permanently&lt;/h1&gt;<BR />&lt;p&gt;The document has moved &lt;a href="<A href="http://LinuxC/rancid/" target="_blank" rel="noopener">http://LinuxC/rancid/</A>"&gt;here&lt;/a&gt;.&lt;/p&gt;<BR />&lt;hr&gt;<BR />&lt;address&gt;Apache/2.4.41 (Ubuntu) Server at LinuxC Port 80&lt;/address&gt;<BR />&lt;/body&gt;&lt;/html&gt;</P><P>&nbsp;</P><P>any ideas anyone?</P> Fri, 17 Sep 2021 20:48:10 GMT https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/434961#M96027 dtran 2021-09-17T20:48:10Z https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/434973#M96029 <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/41973">@dtran</a>, If you see the traffic being allowed in the firewall, I would recommend going through the steps of this article and see if Palo lists a reason as to why its dropping the connection. These steps have been helpful many times before in my troubleshooting.&nbsp; <A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS</A></P> Fri, 17 Sep 2021 21:01:03 GMT https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/434973#M96029 bafergel 2021-09-17T21:01:03Z https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/435098#M96037 <P>Hi</P><P>&nbsp;</P><P>I assume no Filtering profiles (TP,AV,URL,...) are attached to this traffic policy.</P><P>Check the traffic log for LinuxA-&gt;LinuxC:</P><P>1. Session end reason - is it incomplete, tcp-reset-from-xxxx, web-browsing?</P><P>2. Open this log's detailed log view and check the details pane. Note number of packets send and received. Zero (0) packets received will point you to a situation where packets are not returned from LinuxC towards LinuxA.</P><P>3. Perform a Packet capture as <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/176243">@bafergel</a> pointed out in the article he attached. This will allow you to see what is received and transmitted and also (possibly) dropped by the firewall.</P><P>&nbsp;</P><P>Shai</P> Sun, 19 Sep 2021 09:34:05 GMT https://live.paloaltonetworks.com/t5/general-topics/a-very-weird-issue/m-p/435098#M96037 ShaiW 2021-09-19T09:34:05Z