08-21-2017 01:28 AM
Hey all!
There is a strange problem with my PA 3020 7.1.7:
I need access from a client PC to a printer with many ports, so for testing I set up a security rule with application any and service any.
The rule is enabled but it's not effective.
The firewall doesn't even have traffic logs for this connection.
I already had this problem in the past, but I don't know anymore how I solved it.
Are there some things I can do?
Thank you!
08-21-2017 01:41 AM - edited 08-21-2017 01:43 AM
Hi,
Did you enable log in the new policy? Are you sure that the user's traffic is passing (or should pass) the firewall in order to reach the printer? For the test create any to any zone with the source ip of the test pc going to the destination ip of the printer.
08-21-2017 06:37 AM
In addition to @TranceforLife's question: if you log the traffic, do you have no logs for that rule or effectively for that connection (src and dst IP as filter)?
Or is the printer maybe not responding (or wrong/no default gateway)? And do you have a rule above your any-any-allow rule with an application with default ports "tcp/udp/dynamic", so that connections never hit your test rule?
08-21-2017 06:46 PM
If the PC sends traffic to the printer but the printer does not answer, then Palo logs the application as incomplete.
Does the traffic pass the firewall? Even if the PC and printer are in different subnets, there might be a Layer 3 switch routing traffic between internal subnets.
Does the traffic match this test rule? I mean, are the source/destination zones correct, etc.?
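The checks suggested in the two replies above (filter the traffic log by source and destination IP, look for app=incomplete, and see whether another rule is matching ahead of the test rule) can be scripted once the log is exported. The following is an added example, not code from this thread or from Palo Alto Networks; it uses constructed sample records in a simplified key=value layout rather than the real PAN-OS CSV export format, and the IPs, zone and rule names are made up.

```python
"""Triage constructed PAN-OS-style traffic log records for one client/printer pair."""
from typing import Dict, List

# Constructed sample records (simplified key=value form, not the real PAN-OS CSV layout).
# Rule and zone names, IPs and ports are invented for the example.
SAMPLE_LOG = """\
src=10.1.1.50 dst=10.1.2.20 from=trust to=printers dport=9100 app=incomplete rule=test-any-any action=allow
src=10.1.1.50 dst=10.1.2.20 from=trust to=printers dport=515 app=lpd rule=printing-apps action=allow
src=10.1.1.50 dst=10.1.2.20 from=trust to=printers dport=631 app=ipp rule=printing-apps action=allow
src=10.1.1.51 dst=10.1.2.20 from=trust to=printers dport=9100 app=jetdirect rule=test-any-any action=allow
"""


def parse(log: str) -> List[Dict[str, str]]:
    """Turn each non-empty key=value line into a dict."""
    return [dict(tok.split("=", 1) for tok in line.split())
            for line in log.splitlines() if line.strip()]


def triage(records: List[Dict[str, str]], src: str, dst: str, test_rule: str) -> Dict:
    """Apply the thread's three checks to the records for one src/dst pair."""
    hits = [r for r in records if r["src"] == src and r["dst"] == dst]
    result = {"sessions": len(hits), "incomplete_ports": [], "shadowing_rules": [], "findings": []}
    if not hits:
        # Nothing logged at all: traffic never reached the firewall (e.g. routed by an
        # L3 switch between internal subnets) or the rule is not set to log.
        result["findings"].append("no sessions logged for this pair: check routing/logging")
        return result
    # app=incomplete means the client sent a SYN but the server never answered.
    result["incomplete_ports"] = sorted({r["dport"] for r in hits if r["app"] == "incomplete"})
    if result["incomplete_ports"]:
        result["findings"].append("printer not answering on ports %s: check reachability/default gateway"
                                  % ", ".join(result["incomplete_ports"]))
    # Sessions matched by a different rule show the test rule is shadowed by one above it.
    result["shadowing_rules"] = sorted({r["rule"] for r in hits if r["rule"] != test_rule})
    if result["shadowing_rules"]:
        result["findings"].append("sessions matched other rules before %s: %s"
                                  % (test_rule, ", ".join(result["shadowing_rules"])))
    return result


if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LOG), "10.1.1.50", "10.1.2.20", "test-any-any")["findings"]:
        print(finding)
```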
08-23-2017 12:34 AM
Thanks for your answers!
I'm not sure what the exact problem was.
The connection is now working, but I didn't change anything.
That's very strange.
But thanks for your support, though!
08-23-2017 07:19 AM
If I had to guess, you likely want to take a look at the article below. It sounds like you don't have session rematch enabled and the session wasn't getting properly closed in the session table.
https://live.paloaltonetworks.com/t5/Learning-Articles/How-Session-Rematch-Works/ta-p/60326