GP users are getting denied random times

L7 Applicator

Re: GP users are getting denied random times

I would extend that to 480 (8 Hours)

I have mine set to 24 hours, but for some that's too long.

 

4 hours may be OK, but try 8 and reduce if need be.

L7 Applicator

Re: GP users are getting denied random times

Also use:

 

show user ip-user-mapping all

 

This will display all known users to IP address and when they expire.

L2 Linker

Re: GP users are getting denied random times

Hi

 

I have done this, but again the user reported that the next day.

 

I got debugging logs from the user and I see it's an issue with the HIP report, which timed out. I have opened a case with Palo Alto and am waiting for their availability to check it.

L4 Transporter

Re: GP users are getting denied random times

Keep us posted on this.

Let's see what PA says.

 

Surprised that a HIP report can cause this issue.

MP
L2 Linker

Re: GP users are getting denied random times

PA released version 5.0.6, which fixes some HIP issues. As for the case I have, they are still reviewing the files I sent them.

 

What I see is:

 

 (T20032) 11/28/19 11:18:03:568 Debug(4477): Send hip report check failed

 

I have increased the timeout for the HIP report to 1 day, from the 3 hours that was set. I will keep you posted.

L2 Linker

Re: GP users are getting denied random times

A Palo Alto engineer and I were looking at the logs.

 

The user connected in the morning and opened a UDP session with a significant amount of data transmitted and received. It was allowed by an ACL in line 35, let's say, and after 3 hours the Deny ALL ACL in line 50 was matching.

 

We see that the HIP report was sent and there are flags 0x63 and 0x61 on the allowed and deny entries in the log. We suspect that this is related to the HIP report. We see that it was sent every hour, and the HIP log is matching the HIP profile every hour. The question is why traffic whose elapsed time was 3 hours is matching the DENY ALL ACL after that time.

 

 

L4 Transporter

Re: GP users are getting denied random times

Thanks for updating on this.

MP