11-30-2022 09:29 PM
Many government sites are not opening on Palo Alto Networks. The same sites open on an outside network. Please suggest.
12-01-2022 12:03 AM - edited 12-01-2022 12:05 AM
Hi @SankalpS ,
You're not giving us much to work with.
What do you see exactly? Is there a time-out or other error message? Is your policy allowing it? Do you see the connection attempt in the traffic logs? Are you using decryption? If so, is it being decrypted properly? Do you see any drops in global counters when trying to access the websites? Which platform and PAN-OS version are you using?
12-01-2022 12:13 AM
We are getting a "site can't be reached" message when we try to open Indian government sites like morth.nic.in. Also, when we tried removing the ILL cable from the firewall and connecting it directly to a laptop, the sites work.
Many of our customers have been facing this issue for the last two days.
12-02-2022 07:50 AM
We also faced the same issues. Example of Govt Site
12-02-2022 12:58 PM
If you are using SSL decryption, set the government and military URL filter to bypass decryption. Many of these sites don't like to be decrypted since it looks like a man-in-the-middle attack. While it is man in the middle, it's not an attack.
Hope this makes sense.
12-02-2022 08:27 PM
Nope, we are not using any decryption functionality in our appliance. Without SSL encryption/decryption it's not working, whereas the same traffic through a Check Point firewall works perfectly.
12-03-2022 09:35 AM
Hi @SankalpS , @RVLINFRASEC ,
Have you done any troubleshooting on the firewall? Can you provide some output:
- Are you using URL filtering?
- Are your URL and DNS security licenses still active?
- Check how the firewall is categorizing one of the problematic sites. Connect with SSH to the CLI and use the following commands:
    > test url <url>
    > test url-info-host <url>
Replace <url> with the address you want to test. What is the output? What action is set for the same category in your URL filtering profile?
- Search URL logs (Monitor -> URL) for one of the problematic URLs. Do you see any logs? What action is seen in the logs?
- Resolve one of the problematic sites (with nslookup for example) and search for this IP in the Unified logs (Monitor -> Unified). Do you see any deny/block? Check one of the traffic logs - what is the "session end reason"? Is the counter for bytes received different than zero?