- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-10-2017 01:05 PM
hi
The whole company behind PAN firewall is unable to connect to https://login.microsoftonline.com.
no blocked page, just "sign in to your account" web portal but no place to login. Firewall does not show any blocked/dropped connection to this URL.
I create a brand new test rule, put on top of the rule sets but no luck.
Any suggestions/idea appreciated.
04-10-2017 01:23 PM - edited 04-10-2017 01:25 PM
Create a test rule without any security profiles, allow any (or test PC) any, services any application also any. Test again. Still fails?
04-10-2017 01:39 PM - edited 04-10-2017 01:43 PM
Most likely this is not PA issue. Any other inline devices that could cause this? When did it happen? Only this particular website?
04-10-2017 01:41 PM
So far only this url..
04-10-2017 01:57 PM
Post a screenshot please of exactly what you see. Different browser?
04-10-2017 02:27 PM
i actually find the issue; some of the required ap[plications to get login.microsoftonline.com were disabled;
I created a new rule to allow ms-office365, ssl, stun and web-browser to get it going..
04-10-2017 02:32 PM
If this is the case why the test with application and services as any didn't work?
04-10-2017 02:49 PM
That was my question to PAN support - i opened a case and showed them the config logs but they were unable to figure it out 😞
04-10-2017 02:54 PM
Hmm. Good to know anyway :0
04-11-2017 06:33 AM
Depending on the rest of your configuration and your applicaiton time-out lengths the session you were using could have already been 'open' when you committed your test rule and it never actually checked your security policy list again for that session. It might be a good idea going forward if you haven't already when testing new policies to simply clear the session table for your specified source IP; this at least insures that your not matching a session already on the session table.
04-11-2017 07:30 AM
Good point but i actually tested access from different workstations with the same results.
Still puzzled with the fact that i was unable to get a clear answer from support personel about "differences" in configuration.
 
					
				
				
			
		
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

