policy-deny website problem

L4 Transporter

policy-deny website problem

Hey all,

PA-3020 8.0.7

I would like to access https://experimental-concert-research.org and I get "Secured connection failed"

The traffic log allows those packets, but session end reason says "policy-deny".

I have never seen this before.

Can someone tell me what's the problem here?

Thank you.

L4 Transporter

Re: policy-deny website problem

I guess you are using TLS-Interception and have a corresponding Decryption policy.

Please check the decryption profile, I'm sure the site is using algorithms which are not allowed according to your decryption profile.

L4 Transporter

Re: policy-deny website problem

@Chacko42No, I don't have a decryption policy

L4 Transporter

Re: policy-deny website problem

Please have a look at the unified log and the threat log, if there is more detail about the connection.

 

If not: Please create a filter and have a look at the global counters, described here:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clf1CAC

L4 Transporter

Re: policy-deny website problem

@Chacko42  Wow thank you! I have never used unified log before. But it helped me a lot because it's a url problem. Normally a url banner appears so I never expected that it's a url problem.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!