- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-11-2023 07:13 AM
I am new to Palo Alto Firewalls so I am trying to figure this out. In our policy we have facebook allowed and it is not displaying the whole page. Am I missing something?
01-11-2023 08:17 AM
Assuming workstation IP is 1.2.3.4
Go to Monitor > Traffic and use filter below
( addr.src in 1.2.3.4 ) and (( action neq allow ) or ( session_end_reason eq threat ))
Also check Monitor > URL Filtering with following filter
( addr.src in 1.2.3.4 ) and ( action neq alert )
Do you see anything being blocked?
01-11-2023 08:24 AM
01-11-2023 02:05 PM
Assuming that things are default and you don't have a catch-all rule with logging enabled or logging enabled on the interzone-default rule, I'd recommend temporarily overriding the interzone-default entry to log at session end and verify that you're actually allowing all of the necessary traffic.
Keep in mind when dealing with URL categories as match criteria, by default you won't receive URL logs from your clients unless they're assigned a URL Filtering profile that has every single category set to at least 'alert' or higher.
01-12-2023 09:51 AM
In addition to what @BPry said about enabling logging on the default interzone deny rule, open up Chrome and turn on Developer Tools. Then navigate to the Facebook page and look in the Developer Tools network tab and look for 400/500 status errors. That will give you an idea of which elements of the page may be blocked. "Facebook" is a collection includes from a lot of different domains (facebook.com, facebook.net, fb.com, fbcdn.net, etc.) and third party domains.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!