I have LinuxA (redhat 6.10) and LinuxB (CentOS 7.9) sitting in ZoneA accessing LinuxC (Ubuntu 20.x) sitting in ZoneB on http port without any NAT, jut routing and we have firewall rule to allow tcp port 80 (application ANY) for LinuxA and LinuB to communicate with LinuxC on tcp port 80. The PAN firewall is PA-5250 running PANOS 9.1.10
From LinuxA, I use "curl -v -k http://LinuxC/rancid, I see the PAN firewall accepting the three way handshake, but after that it drops on the "get" as seen below:
GET /rancid HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.44 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Everything is working fine from LinuxB without any issues as seen below:
GET /rancid HTTP/1.1
HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Sep 2021 19:42:10 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>301 Moved Permanently</title>
<p>The document has moved <a href="http://LinuxC/rancid/">here</a>.</p>
<address>Apache/2.4.41 (Ubuntu) Server at LinuxC Port 80</address>
any ideas anyone?
Hello @dtran, If you see the traffic being allowed in the firewall, I would recommend going through the steps of this article and see if Palo lists a reason as to why its dropping the connection. These steps have been helpful many times before in my troubleshooting. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS
I assume no Filtering profiles (TP,AV,URL,...) are attached to this traffic policy.
Check the traffic log for LinuxA->LinuxC:
1. Session end reason - is it incomplete, tcp-reset-from-xxxx, web-browsing?
2. Open this log's detailed log view and check the details pane. Note number of packets send and received. Zero (0) packets received will point you to a situation where packets are not returned from LinuxC towards LinuxA.
3. Perform a Packet capture as @bafergel pointed out in the article he attached. This will allow you to see what is received and transmitted and also (possibly) dropped by the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!