Since update problem with a particular site

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Since update problem with a particular site

L3 Networker

Hi All,

I have a rather strange thing happening. Tuesday this week I did the latest PA updates (Software, URL, Antivirus and The Application/threat). It all seemed to go fine, but I have been informed that since the updates our users are having problem with our ISP management site. Now there is nothing fancy about this site. It is all HTTP. However, when they are navigating through the site they will click on something and then it will go to a blank page and say done. Or only load up half the page.

If you refresh sometimes you will get the page. But it only seems to be on users with IE8 and Chrome. Works fine on IE9.

I have checked the PA monitors and we are all using the same rule to get to that site. The site is added to the allow list. I have tried all the usual things of troubleshooting IE itself. I would try upgrading them to IE9 but they are on XP, so can't do that.

It just seems strange as PA doesn't seem to be blocking anything, however, if I connect a computer directly out to the internet and bypass the PA box then this site works fine.

Anybody got any ideas on this rather odd problem?

Thanks,

James

1 accepted solution

Accepted Solutions

No. But I found and resolved the problem this afternoon. I found that there was an old no-decrypt rule I had for my pc IP when I was testing something a while back and forgot to remove. Hence why my pc was fine on that site but other people were not. So it was nothing to do with the version of IE or windows in the end.

Put a no-decrypt rule in for my colleagues for that website and it works fine now.

Although this problem only happened since the PA update and my ISP are saying nothing has changed on their website. However, as I want to prove it one way or the other I am going to plug my other PA box in after hours which is running the old PA S/W 4.16 and see if I get the same issue.

Thanks for all the help on this one guys. You pointed me in the right direction as it was the URL-Filtering logs that showed me that my data was not being decrypted while my colleagues was.

View solution in original post

7 REPLIES 7

L4 Transporter

Hi James,

This is interesting.While the users are using IE 8 and chrome, can you get the packet capture on the client PC as well as the firewall and compare with working condition when the users are using IE9.

Are the users using Chrome 21 , So far this issue has been observed in chrome.  https://live.paloaltonetworks.com/docs/DOC-3496

It might be difficult to believe that it is a content issue but as a troubleshooting step can we revert to the previous content and confirm that the issue disappears?

Regards

L6 Presenter

Did you check threat logs and see if any deny's are there ? Also try doing a packet capture an see if anything unusual there.

Sandeep T

Thanks for the suggestions guys.

I have checked the threat logs and no, there are no deny's in there for that server address. I am going to run a packet capture to see if anything shows up in there, but if you have any other suggestions I would be happy to hear them

Hi James,

Verify if the site is getting categorized correctly.

Use this command to verify it.

admin> test url

  <value>  Test URL categorization

If it is being categorized incorrectly you can clear the url cahce by using the following commands

clear url-cache all


Let us know if this helps.



Thank you

Numan

Hi Numan,

It says it https: private-ip-addresses (base db) when I do that command. Does that tell you anything?

That just means that it is a private network and not a public . Since it is internal to the network with reserved ip address it is showing that.

Did clearing the cache help.

Thanks

Numan

No. But I found and resolved the problem this afternoon. I found that there was an old no-decrypt rule I had for my pc IP when I was testing something a while back and forgot to remove. Hence why my pc was fine on that site but other people were not. So it was nothing to do with the version of IE or windows in the end.

Put a no-decrypt rule in for my colleagues for that website and it works fine now.

Although this problem only happened since the PA update and my ISP are saying nothing has changed on their website. However, as I want to prove it one way or the other I am going to plug my other PA box in after hours which is running the old PA S/W 4.16 and see if I get the same issue.

Thanks for all the help on this one guys. You pointed me in the right direction as it was the URL-Filtering logs that showed me that my data was not being decrypted while my colleagues was.

  • 1 accepted solution
  • 4554 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!