Security policies not matching traffic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Security policies not matching traffic

L1 Bithead

Hello! I am having quite a few strange behaviors from the Palo Alto firewalls. I have a rule for an entire subnet (10.209.82.0/24) to be allowed from inside to outside zones via any port to any IP address yet there is still somehow traffic being denied. Obviously, this isn't the greatest from a security perspective, but I arrived there out of frustration and trying to get this to work. This is happening with a few other rules as well. I have one that allows 10.209.69.0/25 out to any IP and any port. This one is odd because 10.209.69.110 can match this rule and successfully get out to a public resource that it builds a VPN tunnel to, but 10.209.69.111 doesn't match that rule at all and ends up hitting the default deny rule. I have double checked the objects over and over to ensure the subnets are correctly configured. A basic NAT is setup to NAT inside to outside to the outside IP address of the Palo Alto, which does work for everything else. I'm able to browse the web and most other functions within the data center (too many to list) are working correctly. I'm just starting to have more and more wonky issues like this lately.  

1 accepted solution

Accepted Solutions

L4 Transporter

Delete application-default and try again...

You are trying connect to port 10000 and open-vpn use tcp/1194, tcp/443, udp/1194

 

Name:  
open-vpn
 
Standard Ports:  
tcp/1194, tcp/443, udp/1194
 
 
Depends on:  
ssl, web-browsing

View solution in original post

4 REPLIES 4

L4 Transporter

Hello,

 

Have you checked that the subnets are configured correctly on the interfaces within the zone you are writing in your security rule?

 

Maybe you can share a screenshot with traffic logs and security rule for check it.


Regards

Thanks for your response! I have checked that the subnets are correct a few times. I keep questioning that myself, but they are correct. Here's two screenshots. One of the actual rule configured, which is essentially wide open for that subnet. The second is a screenshot of the logs where traffic has been denied today. 

dustincampbell_0-1654010002677.pngdustincampbell_1-1654010015914.png

 

L4 Transporter

Delete application-default and try again...

You are trying connect to port 10000 and open-vpn use tcp/1194, tcp/443, udp/1194

 

Name:  
open-vpn
 
Standard Ports:  
tcp/1194, tcp/443, udp/1194
 
 
Depends on:  
ssl, web-browsing

That was it! This resolved so many issues for me. I couldn't understand how traffic wasn't matching for quite a few other apps/functions within my network. I greatly appreciate the help!

  • 1 accepted solution
  • 3605 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!