Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

App downloading issue for wi-fi mobile users

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

App downloading issue for wi-fi mobile users

L4 Transporter

Dear Friends,

Need your suggestion for below issue.

PAN OS 6.0.9

Unable to download app from play store thru mobile.

There have wi-fi environment, when mobile (smart phone ) users connected thrue wi-fi, he is able to browse internet  but not able to download any app from google play store.

security policy like source wi-fi zone destination untrust application any service any action allow.

8 REPLIES 8

Cyber Elite
Cyber Elite

No security profiles added to security policy?

What logs show when you filter diferent logs with those filters?

Traffic

( action neq allow )

Threat

( action neq alert )

URL

( action neq alert )

Data

( action neq alert )

Anything blocking?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Hi Raido,

There is no such kind of security profile (security profile none) and in logs showing application = Incomplete or Insufficient data.

Thnx

Satish

Cyber Elite
Cyber Elite

I would start troubleshooting by checking box "log at session start" on policy's Action tab.

This will generate log entry for every application shift.

And check if anything strange there.

No decryption policyes in place?

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Can you find the logs for the specific attempt to download from the play store?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Hi Raido,

No any decryption policies.

Regards

Satish

Hi Steven,

i cant think so only showing incomplete application thats all and also tried pcap file. we didn't get any  drop packet.

Regards

Satish

Cyber Elite
Cyber Elite

If you don't have any security profiles (security profile none as you mentioned) then you don't see file downloads in logs.

Configure file blocking profile to log all and add it to security policy.

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

I would try to setup a span port and do a full pcap of the transaction if at all possible.  I think we really need to see the closing packets of the session to understand why the transaction is failing.

You may also want to open a ticket on this with support.  They have access to deeper levels of logs and session status that could shed light on the issue.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 4853 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!