Unexpected Incorrect filtering

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unexpected Incorrect filtering

Not applicable

Hi All,

I have encounter some issue regarding incorrect filtering of PALO ALTO. I deploy Palo Alto last to weeks and it working fine and all the users got the correct policy. It is integrated with the active directory using AD agent. Now our client encountered incorrect filtering. Ive made a exemted users that is for alert only to logs their activities but lately they receive a block page. Why is that. The software version is 4.0.7. Hope you can help me to solve this issue.

Thanks in advance

4 REPLIES 4

L4 Transporter

Hi J,

A couple of items to check:

1. Has the order of your rules changed such that an exempted individual matches group membership on a rule with a deny setting is above the exempt rule?

2. When you review the deny message in the URL log, is the correct user showing up?

Please take a look and respond back with your findings

Thanks
James

Hi jcostello,

I alrady check the policy and there no problem with it. The problem is there was a time that the PALO ALTO loss connection with the PAN agent in the AD. After restarting the the PAN Agent services all working fine again. Can you please give us a solution to solve this issue without restarting again and again the PAN agent services.

Thanks in advance.

regards,

Jan

Hi Jan,

If there is a problem with the connection to the PAN agent and the user id info based on which the policy is enforced is not available then the policy used to allow the user will not work. If you happen to see this issue again then please call into support so that we can troubleshoot the issue and determine the cause of the PAN agent connectivity to the FW.

Typically we would first go and check on the PAN-agent if the user id info is there and then check on the FW for the user id info as well. Based on the outputs we will have to do additional troubleshooting steps to determine where the problem lies.

Thanks

Hi Mrajdev,

I already check the policy and there is no problem with that.

Ive made a policy for exempted users for alert only to logs their activities and there was a time that some of the exempted users are not getting correct policy. I troubleshoot it in the monitor tab to find out if the user get the correct policy and it fall to the global policy which is the bottom policy but that user is included in the exempted users policy and the other users with the same policy are filtered correctly. That user when i monitor in the monitor tab it doesn't log the user ID and it is only IP address. And sometimes the users again get the correct policy and the user ID appeared. Why is that but other users didn't experience this issue with the same policy. Is their any configuration i need to make in the PAN AGENT. The software version is 4.0.7. I attached here the Tech Support file. Please help to solved this issue.

  • 2569 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!