Spotify traffic showing up as an incomplete application

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Spotify traffic showing up as an incomplete application

I have to allow certain streaming music apps (Spotify, Pandora, etc.) though my PA and I've been trying to see how that bandwidth looks like first before I allow it and throw it in a QoS ploicy for the rest of my company. I created a rule to allow the Spotify application outbound for just myself and created QoS policy on the PA that would limit it, but is showing up as an incomplete application in the traffic logs and the QoS statistics logs are not factoring in my music traffic. I am able to stream muxic when my rule is active,  but unsure why it is not being classified correctly.

 

Any thoughts to why it is showing up as incomplete?

 

 

1 accepted solution
4 REPLIES 4

Cyber Elite
Cyber Elite

Hello,

Are you doing SSL decryption? If yes then its probably getting blocked at the application layer. Check the traffic logs to see where its getting blocked. Incomplete means that it didnt have enough traffic to figure out the application or its a routing issue, but sounds like the traffic issue.

 

Hope that helps.

SSL Decrypt was part of the problem, but after further testing, I found out that the actual music streaming from Spotify gets classified as ssl or web-browsing, which makes it difficult to try and put it under a QoS policy. It would be nice if you could make a QoS policy based off URL Category and not just applications.

 

Are there any recommendations on how I can approach this differently?

L0 Member

you're encountering an issue where your Palo Alto (PA) firewall is not correctly classifying Spotify traffic, even though you're able to stream music. You’ve created an outbound rule for Spotify, applied a QoS policy, but the traffic is showing up as "incomplete" in the logs, and it's not being reflected in the QoS statistics. This could be happening due to a few reasons. First, some streaming services like Spotify use multiple protocols and ports, which might not be getting fully captured by your current application rule. It's possible that the traffic is partially classified or some packets are not matching your rule criteria. You could try checking for any unclassified traffic related to Spotify by looking at the session logs or adjusting your rule to account for additional ports and protocols. Additionally, you may need to verify that your PA’s application signatures are up-to-date, as outdated signatures can cause issues with identifying specific apps like Spotify. Finally, ensuring that your QoS policy is correctly targeting the identified traffic and that no other rules are interfering with it may help the PA classify and log the traffic properly.

  • 1 accepted solution
  • 4009 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!