Palo Alto blocking Wii game

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Palo Alto blocking Wii game

L1 Bithead

Hi All -

Just got my Palo Alto installed last week!  So far so good.  Hope this is the right place to be posting...

I just got a message from a student that since the firewall install, a game on his Wii U, Monster Hunter, has stopped working.  He claims this game works via P2P -- I haven't not looked in to this yet.   We do not block P2P, but we use QoS to rate limit it.  What's the best way to approach troubleshooting here?  I'm assuming Palo Alto won't tell me which traffic is specifically for Monster Hunter.

Open to suggestions...

Thanks!

Max

3 REPLIES 3

L5 Sessionator

Please navigate to Monitor tab and click on traffic. Now enter the following filter ( addr.src in userip )

Also if you could login into the cli using ssh, run the following command

>show session all filter source (ip in question) and then look at the session i.e >show session id (id)

for example:-

admin@92-PA-3050> show session all

--------------------------------------------------------------------------------

ID      Application    State   Type Flag  Src[Sport]/Zone/Proto (translated IP[P

ort])

Vsys                                      Dst[Dport]/Zone (translated IP[Port])

--------------------------------------------------------------------------------

56478   telnet         ACTIVE  FLOW       192.168.192.217[35534]/trust-L3/6  (19

2.168.192.217[35534])

>show session id 56748

Session           56478

        c2s flow:

                source:      192.168.192.217 [trust-L3]

                dst:         10.2.2.1

                proto:       6

                sport:       35534           dport:      23

                state:       ACTIVE          type:       FLOW

                src user:    unknown

                dst user:    unknown

        s2c flow:

                source:      10.2.2.1 [test]

                dst:         192.168.192.217

                proto:       6

                sport:       23              dport:      35534

                state:       ACTIVE          type:       FLOW

                src user:    unknown

                dst user:    unknown

        start time                    : Wed Jun  5 19:09:21 2013

        timeout                       : 432000 sec

        time to live                  : 344073 sec

        total byte count(c2s)         : 3028

        total byte count(s2c)         : 0

        layer7 packet count(c2s)      : 50

        layer7 packet count(s2c)      : 0

        vsys                          : vsys1

        application                   : telnet

        rule                          : rule1

        session to be logged at end   : True

        session in session ager       : True

        session synced from HA peer   : False

        layer7 processing             : enabled

        URL filtering enabled         : False

        session via syn-cookies       : False

        session terminated on host    : False

        session traverses tunnel      : False

        captive portal session        : False

        ingress interface             : ethernet1/4

        egress interface              : ethernet1/7

        session QoS rule              : N/A (class 4)

L5 Sessionator

If Wii U has private IP address and PaloAlto applies NAT to this session, the reason he could not connect to P2P network might be this :

Thanks for the reply!  This is what I see when I do that.  Nothing is coming up as blocked.  Everything is being allowed.  The unknown-udp entries look suspicious, different ports every time.  The CLI commands aren't showing anything currently as he must have this device off -- I'll have to work with him on that.  Anything else I can look at?

Screen Shot 2013-06-07 at 10.02.18 PM.png

  • 2213 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!