We have a PA running version 8.0.4 and we can't access this website: https://www.metromadrid.es. This is the only website that is not working.
We tried creating a rule permitting all traffic, without any profile, but it's not working. We see the session as allowed, with packets sent and received, but the browser gets stuck loading and the website is not shown.
This is the session created:
This is the pcap
Do you see any strange behaviour with this website, https://www.metromadrid.es?
Yes, it is not accessible here in the UK. From the PCAP we can see the missing 3-way handshake and constant retransmission of the SYN packets. Most likely the web server is down.
Hmm, I think it is UP now:
The server is UP; we can access it from another PA.
Yes, it seems like the 3-way handshake is not completed, but in the session details we see packets sent and received.
I thought it could be a problem between our ISP and that website, or on the server side, but a colleague told me that when he accessed it using his iPhone, it worked with iOS 9 and 10. Quite strange.....
I've added a pcap. I tried first with Chrome (not working) and then with Firefox, and now it's working. If I use Chrome after starting a session with Firefox, it also works with Chrome. It's as if, when the session is started with https, it does not work in either browser, but if I start the session with http://metromadrid.es in Firefox the session is established. After being established, the website works in both browsers. What could be causing this problem?
This is the Firewall.pcap.
This is a bit confusing now. New tab in the web browser = new session for Palo. It doesn't matter whether Chrome or Firefox is first; for Palo it is a new session. Did you try testing from a different client/PC?
Yes, all devices going through this PA have the same behavior.
I go to the "session browser", close all sessions to the web server, try with Chrome or Firefox, and it's working with both.
I can't find any pattern.
I'm trying to find any difference between the HTTP requests from our browsers. Maybe the HTTP GET or CONNECT are different.
I did that. I even created a custom app with "http-get=metromadrid.es", but it doesn't work because the three-way handshake is not completed when it's not working....
I disabled DSRI, deleted zone protection on the untrust interface... I don't know what more I can do :S
Quite weird..... I don't have any idea what's happening.
Hmmmm.. Any intermediate devices before or after the FW that could potentially interfere with this session?
Can you post successful and failed https session output using the "magnifying glass" option (eg):
It is hard to prove, but I doubt it is a PA issue :D Let's see.
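
The check discussed in this thread (SYN retransmissions with no completed three-way handshake in a capture), as an added example that is not part of any post above: Python code that reads a classic little-endian Ethernet pcap and reports each flow's handshake state. The capture built by `sample_pcap`, its addresses and ports, and all function names are constructed for illustration.

```python
import struct
from collections import defaultdict
SYN, ACK = 0x02, 0x10

def tcp_packets(pcap):
    """Yield (src, sport, dst, dport, flags) from a little-endian Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported capture format")
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
        if len(frame) >= tcp + 14:  # skip truncated TCP headers
            sport, dport = struct.unpack_from("!HH", frame, tcp)
            yield frame[26:30], sport, frame[30:34], dport, frame[tcp + 13]

def handshake_report(pcap):
    """Map each client->server flow to the state of its three-way handshake."""
    flows = defaultdict(lambda: {"syn": 0, "synack": 0, "ack": 0})
    for src, sport, dst, dport, flags in tcp_packets(pcap):
        if flags & SYN and not flags & ACK:
            flows[(src, sport, dst, dport)]["syn"] += 1
        elif flags & SYN:  # SYN+ACK travels server->client: count on reversed key
            flows[(dst, dport, src, sport)]["synack"] += 1
        elif flags & ACK and (src, sport, dst, dport) in flows:
            flows[(src, sport, dst, dport)]["ack"] += 1
    ip = lambda b: ".".join(map(str, b))
    report = {}
    for (src, sport, dst, dport), c in flows.items():
        state = ("established" if c["synack"] and c["ack"] else
                 "synack-not-acked" if c["synack"] else
                 "syn-retransmitted-no-reply" if c["syn"] > 1 else "syn-no-reply")
        report[f"{ip(src)}:{sport}->{ip(dst)}:{dport}"] = state
    return report

def sample_pcap():  # constructed capture, documentation addresses (assumption)
    c, s = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
    pkts = [(c, s, 50001, 443, SYN)] * 3 + [  # three unanswered SYNs to :443
        (c, s, 50002, 80, SYN), (s, c, 80, 50002, SYN | ACK), (c, s, 50002, 80, ACK)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst, sp, dp, fl) in enumerate(pkts):
        frame = (b"\x00" * 12 + b"\x08\x00"
                 + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
                 + struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 0x50, fl, 8192, 0, 0))
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out
```

Running `handshake_report` on captures taken on both sides of the firewall shows whether the SYN-ACK is missing before or after the device.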