02-20-2024 12:34 PM
The user was trying to access the Proofpoint links it is not accessible in the firewall. We could see the action is reset both in monitoring and a session end reason is policy-deny and checked the threat logs but we couldn't see any logs in the threat. could someone please help me to understand the issue
02-20-2024 01:06 PM - edited 02-20-2024 01:09 PM
Hello,
Are you seeing this session end under the traffic logs? It sounds like there isnt a rule allowing this traffic. Under the "Policies" tab is there a rule thats create to allow access for this traffic? You could also use the "Test Policy Match" button at the bottom of the same page to see what rule the traffic would hit. If it was something under the threat logs stopping it you should see session end reason "threat". You could also be seeing policy-deny as a result of a file blocking profile or I've seen it in some cases as a result of something pertaining to ssl inspection.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
