PA-5050 Google search engine issue?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-5050 Google search engine issue?

L6 Presenter

Hi Guys,

 

Having an interesting same time strange problem. Don't think it is Palo issue but decided to post here if somebody has seen the same before. Trust > Untrust traffic NATed to the external interface. All users affected but for test we do have a host in the Trust zone without any profile attached to the policy purely any any allow to the Internet. Everything is working fine except google search engine. Initially, l thought its a problem with the browser, but when l change search engine (withing the Google browser) to the Yahoo all works fine. So the issue is when you search for some images in the chrome and trying to navigate to any of them and click on it the image redirection/pop up is not happening. When you do a right click > Open in the new tab the page is loading and all good. The issue is intermittent (which again makes me think it's not PA). There is also FireEye appliance so not sure if that's can interact in some way. Pic 1 when it is not working and Pic 2 when everything is good and working fine:

 

1)

 

no pop up.PNG

 

2)

 

 

when working.PNG

 

 

Thx,

Myky

1 accepted solution

Accepted Solutions

Yeah, the capture needs to be run on the affected workstation.  These functions are basic client side scripting.  Since it is not changing at all I suspect the issue is in chrome.  

 

If it were network I would expect to see the visual change without any data coming back from the script so missing image displays as a result.

 

The other tool that might help is chrome dev showing what is happening with the client side scripting.

 

https://developers.google.com/web/tools/chrome-devtools/

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

View solution in original post

5 REPLIES 5

L7 Applicator

Agree, it looks like a browser issue to me.  Did your chrome update recently or is there an updated version available for the ones experiencing the issue?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Thanks . Did try to install and reinstall the Chrome, no difference. I did a PCAP and could see something strange:
 
So when it is not working no HTTP GET messages from the client (apart from the couple when l opened manually a link with right click and open in the new tab):
 
session when the searching engine is not working:
 

 
session when the searching engine is not working:
 
 
 
Shame l didn't do from the client side co can compare/see if the client even initiate GET requests, if yes how firewall then see them. 
 
Thx,
Myky
 

Yeah, the capture needs to be run on the affected workstation.  These functions are basic client side scripting.  Since it is not changing at all I suspect the issue is in chrome.  

 

If it were network I would expect to see the visual change without any data coming back from the script so missing image displays as a result.

 

The other tool that might help is chrome dev showing what is happening with the client side scripting.

 

https://developers.google.com/web/tools/chrome-devtools/

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

@pulukas this just magically started working again. Customer has another inline device FireEye so not sure if that could cause this behaviour and unfortunately had no chance to run PCAP from the client side.

Fireeye can do deep packet changes so it is a possible culprit for this type of issue too.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1 accepted solution
  • 2732 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!