08-15-2020 01:23 AM
Twitter is not working. I create the simple policy but I got this error. aslo create the application override but still I got same error i have also change my browser but still same please suggest.
08-15-2020 07:20 AM
@Joshan_Lakhani Some more information would be nice in order to help here ...
08-15-2020 07:30 AM
@Remo thanks for you reply
Yes internet is working fine once we bypass the paloalto and connect directly laptop with ISP router it's working fine once i connect laptop behind the palolalto i go this error.
Create test policy the security policy source “any” destination “any” destination ip address 10.x.x.x Application any and remove security profiles and action “allow” and put on TOP
In traffic log Session reason "TCP Fin "
No decryption is enable
Addition Information: i have also create the application override but issue still same
I have delete the browse cookies but issue still not response. Please suggest
08-15-2020 08:04 AM
@Joshan_Lakhani So when you are behind the paloalto, you only have problems with twitter or with internetaccess in general?
08-15-2020 08:14 AM
No only the issue is with Twitter
all the other social networking site are allow and it's working fine
08-15-2020 09:23 AM
@Joshan_Lakhani Do youbuse url filtering? If yes, do you have blocked categories configured and did you also check the url log for blocked urls?
Did you try with a policy that allows any?
08-15-2020 10:29 AM
I have create the policy any but the issue still same
08-15-2020 10:52 AM
In this case please open the website again but this time with developer tools opened in the browser and then go to the network tab. There you should see if some requests are failing. For further help here I kindly ask you to provide some more screenshots (network tab of the developer tools, security policy, logs on the firewall).
08-16-2020 12:02 PM
You really need to check the Traffic logs and URL filtering logs for any errors.
Also Run this command from CLI
show session all filter source your pc ip destination twiter ip
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
12913 web-browsing ACTIVE FLOW *NS 192.168.200.105[53346]/NetGear_DMZ/6 (x.x.x.x[1750])
vsys1 104.244.42.194[443]/PA_EXT (104.244.42.194[443])
Regards
08-16-2020 12:09 PM
@MP18 Thanks for you reply
As we are not using the URL Filtering and in the session id Traffic is "TCP-FIN"
08-16-2020 12:18 PM
As Remo mentioned do the developer tools in your browser and do the PCAP with source and destination IP address.
Regards
08-18-2020 04:40 PM
This error normally comes if we are doing ssl decryption on the traffic and one of the reason can be Cert pinning.
As you said you are not doing ssl decryption and you are using custom application override for this rule?
I ill suggest make a new test rule without any application override and move this new rule on top from the current security rule and
please test again.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
