policy-deny website problem

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

policy-deny website problem

L4 Transporter

Hey all,

PA-3020 8.0.7

I would like to access https://experimental-concert-research.org and I get "Secured connection failed"

The traffic log allows those packets, but session end reason says "policy-deny".

I have never seen this before.

Can someone tell me what's the problem here?

Thank you.

1 accepted solution

Accepted Solutions

Please have a look at the unified log and the threat log, if there is more detail about the connection.

 

If not: Please create a filter and have a look at the global counters, described here:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clf1CAC

Best Regards
Chacko

View solution in original post

4 REPLIES 4

L4 Transporter

I guess you are using TLS-Interception and have a corresponding Decryption policy.

Please check the decryption profile, I'm sure the site is using algorithms which are not allowed according to your decryption profile.

Best Regards
Chacko

@Chacko42No, I don't have a decryption policy

Please have a look at the unified log and the threat log, if there is more detail about the connection.

 

If not: Please create a filter and have a look at the global counters, described here:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clf1CAC

Best Regards
Chacko

@Chacko42  Wow thank you! I have never used unified log before. But it helped me a lot because it's a url problem. Normally a url banner appears so I never expected that it's a url problem.

  • 1 accepted solution
  • 3664 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!