Sorry if this is a dumb question, I'm still a bit new to PA.
I've recently had a case where a few workstations cannot access anything beyond the local network. A trace shows that they can reach their default GW, but not the next hop, which is the PA.
As a workaround, I found that changing their IP address resolved the issue. I then found that if another workstation got the old IP through DHCP, they wouldn't work either. For now I've excluded the IP's from the range.
I'm wondering if something on the PA could have seen a threat coming from these IP's, and blacklisted them. Is there any troubleshooting you would recommend in a case like this?
Here's what I've seen so far:
Hi @Luke_R ,
tcp-rst-from-server : The server sent a TCP reset to the client.
You're seeing traffic logs so your traffic is reaching the FW...
I'd check first if the traffic reaching the firewall is actually egressing out correctly ... if not then check for indicators in the global counters:
Thanks. Next time this happens I will do the packet capture.
I tried to replicate the issue on my laptop, but I haven't been able to. I haven't heard any reports of this happening to anyone else since I posted this either.
It's possible that the issue was something else, not PA. I'll just have to wait for the next report I guess.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!