07-20-2015 02:19 PM
Hi There!
I have a problem accessing Microsoft site for downloading hotfixes...The button "download" just disappeared
It should looks like this....
but .. I have A VERY SLOW CONNECTION and THIS:
Any Ideas?
Thank you!
Kind regards,
Alex
07-21-2015 02:54 AM
Hi Alex
Please post screenshot of security rule that is used to pass this traffic also ew need info - do You use SSL decryption?
Is this happend to FF/Chrome/IE?
What version of PAN OS and updates are You use?
Regards
SLawek
07-21-2015 07:41 AM
Hi SLawek,
my_test {
option {
disable-server-response-inspection no;
}
from Trust;
to Untrust;
source [ my_IP_address];
destination any;
source-user any;
category any;
application any;
service any;
hip-profiles any;
action allow;
log-start yes;
log-end no;
negate-source no;
negate-destination no;
description "Temporary_test rule";
disabled no;
tag Internet;
}
[edit]
---NO SSL decryption---
I"ve tested on IE, Chrome and FF
PAN-OS 6.1.1
Kind regards,
Alex
07-22-2015 04:51 AM
Please give us "show system info" with output similar to my:
sw-version: 6.1.4
global-protect-client-package-version: 2.2.0
app-version: 516-2823
app-release-date: 2015/07/21 15:51:50
av-version: 1604-2081
av-release-date: 2015/07/21 04:00:01
threat-version: 516-2823
threat-release-date: 2015/07/21 15:51:50
I see that You use CLI -please give us detail about session that not working properly "sh session id XXX"
Have You one internet access or more complicated routing?
Could You migrate to 6.1.4? I have some problems (different than You) on 6.1.1, so I recomendate upgrade.
Regards
SLawek
07-22-2015 08:36 AM
Hi,
Session 33666223332
c2s flow:
source: 192.168.31.90 [Trust]
dst: 23.58.191.86
proto: 6
sport: 3023 dport: 443
state: INIT type: FLOW
src user: unknown
dst user: unknown
qos node: ethernet1/3, qos member N/A Qid 0
s2c flow:
source: 23.58.191.86 [Untrust]
dst: x.x.x.x
proto: 6
sport: 443 dport: 4632
state: INIT type: FLOW
src user: unknown
dst user: unknown
qos node: ethernet1/4, qos member N/A Qid 0
DP : 1
index(local): : 111790
start time : Wed Jul 22 08:29:39 2015
timeout : 15 sec
total byte count(c2s) : 748
total byte count(s2c) : 5230
layer7 packet count(c2s) : 8
layer7 packet count(s2c) : 8
vsys : vsys1
application : ssl
rule : my_test
session to be logged at end : False
session in session ager : False
session updated by HA peer : False
address/port translation : source
nat-rule : source-nat-outside(vsys1)
layer7 processing : enabled
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
captive portal session : False
ingress interface : ethernet1/4
egress interface : ethernet1/3
session QoS rule : N/A (class 4)
tracker stage firewall : TCP RST - client
end-reason : tcp-rst-from-client
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
