- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-19-2019 03:20 PM
Hi,
Recentely the firewall upgraded from 6.1.5 to 8.1.6 but after upgrading there is something strange, there is a allowed rule but in monitor tab it hit deny, i tried to move it to top but still the same issue ( Session End Reason: policy-deny ).
Any help will be highly appricated
Thanks
03-20-2019 01:31 AM
web-browsing standard port is tcp/80, your traffic is to tcp/8080 . And your policy will be to allow web-browsing only on standard ports, so it wont match to policy.
You need to allow web-browsing over tcp/8080 in security policy.
03-19-2019 07:35 PM
Can you include a screenshot of the rule that the traffic should be hitting along with an example of the detailed log view of the traffic that is hitting the interzone-default policy.
Just to verify as well, are you actually hitting the interzone-default policy? If you are hitting the allow security entry that you expect, with the action being allow but the SER being policy-deny, you could possibly simply be running into a certificate pinning issue if you are running decryption.
03-19-2019 11:01 PM
Hi @DPWorld ,
As you have moved from 6 to 8, there are changes to default actions in PA,
Check whether you are hitting the below policy behaviour change,
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFtCAK
03-20-2019 01:31 AM
web-browsing standard port is tcp/80, your traffic is to tcp/8080 . And your policy will be to allow web-browsing only on standard ports, so it wont match to policy.
You need to allow web-browsing over tcp/8080 in security policy.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!