App downloading issue for wi-fi mobile users

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L4 Transporter

App downloading issue for wi-fi mobile users

Dear Friends,

Need your suggestion for below issue.

PAN OS 6.0.9

Unable to download app from play store thru mobile.

There have wi-fi environment, when mobile (smart phone ) users connected thrue wi-fi, he is able to browse internet  but not able to download any app from google play store.

security policy like source wi-fi zone destination untrust application any service any action allow.

Highlighted
L7 Applicator

No security profiles added to security policy?

What logs show when you filter diferent logs with those filters?

Traffic

( action neq allow )

Threat

( action neq alert )

URL

( action neq alert )

Data

( action neq alert )

Anything blocking?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Highlighted
L4 Transporter

Hi Raido,

There is no such kind of security profile (security profile none) and in logs showing application = Incomplete or Insufficient data.

Thnx

Satish

Highlighted
L7 Applicator

I would start troubleshooting by checking box "log at session start" on policy's Action tab.

This will generate log entry for every application shift.

And check if anything strange there.

No decryption policyes in place?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Highlighted
L7 Applicator

Can you find the logs for the specific attempt to download from the play store?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Highlighted
L4 Transporter

Hi Raido,

No any decryption policies.

Regards

Satish

Highlighted
L4 Transporter

Hi Steven,

i cant think so only showing incomplete application thats all and also tried pcap file. we didn't get any  drop packet.

Regards

Satish

Highlighted
L7 Applicator

If you don't have any security profiles (security profile none as you mentioned) then you don't see file downloads in logs.

Configure file blocking profile to log all and add it to security policy.

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE, PCNSE, PCNSI
Highlighted
L7 Applicator

I would try to setup a span port and do a full pcap of the transaction if at all possible.  I think we really need to see the closing packets of the session to understand why the transaction is failing.

You may also want to open a ticket on this with support.  They have access to deeper levels of logs and session status that could shed light on the issue.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!