This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Trafic blocked when security profile enabled

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Trafic blocked when security profile enabled

Stephen24
L2 Linker

‎03-12-2020 10:01 AM

Hello Community,

 

Traffic is blocked by the Firewall Palo when security profile is enabled and need to disabled it to access to the destination server

How can we solve this?

Thanks!

 

S

0 Likes Likes
7 REPLIES 7

Stephen24
L2 Linker

‎03-12-2020 10:07 AM

Additionnal information,

The same security profile is enabled on other security rules and do not cause any issue

Thank you

0 Likes Likes

SutareMayur
Cyber Elite
Cyber Elite
In response to Stephen24

‎03-13-2020 07:50 AM

Hi @Stephen24 What are you seeing in traffic logs? Which security profile is blocking traffic?

 

Mayur

M
0 Likes Likes

Stephen24
L2 Linker
In response to SutareMayur

‎03-13-2020 08:20 AM

Hello Mayur,

 

In the traffic logs I see traffic is matching with the rule Deny All and after is allowed

Configuration of the security profile is :

Antivirus profile = av_all

Anti-Spyware Profile strict

Vulnerability Protection Profile protec_all

 

Thank you

0 Likes Likes

SutareMayur
Cyber Elite
Cyber Elite
In response to Stephen24

‎03-13-2020 08:37 AM

@Stephen24 If you are seeing deny all in traffic logs itself then cross verify security policy first. If anything is getting blocked/deny due to security profile, then it should be seen under Threat, URL filtering logs.

 

Please do security policy test using 'test' command under cli.

 

Mayur

M
0 Likes Likes

Stephen24
L2 Linker
In response to SutareMayur

‎03-17-2020 01:15 AM

Thank you

May I use this command for example :

test security-policy-match source <source IP> destination <destination IP/netmask> protocol <protocol number>

Or is there a better way for testing what is blocking by the security profile?

0 Likes Likes

SutareMayur
Cyber Elite
Cyber Elite
In response to Stephen24

‎03-17-2020 01:39 AM

@Stephen24, Yes above mentioned test command will give you the security rule match for mentioned source and destination traffic. This will confirm if traffic is matching desired policy and confirm on traffic action.

 

Mayur

M
0 Likes Likes

Stephen24
L2 Linker
In response to SutareMayur

‎03-18-2020 08:23 AM

unfortunately, the rule seen in the result of CLI is not the same than in GUI, is it normal?

ie. the rule which is matching the IPs source and destination in not the same

0 Likes Likes
  • 3881 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks