05-01-2023 02:27 PM - edited 05-01-2023 02:28 PM
Hi There,
Recently, we upgraded the OS on our PA-5220 from 9.1.4 to 10.2.3-h4. Immediately after we upgraded to 10.2.3-h4, our helpdesk began receiving calls from users reporting that they cannot get logged into MS Office365 applications. It'll never bring them to the MS prompt to input their Office365 email/password; it'll just say "Can't reach this page."
From monitoring the traffic on the firewall, it looks like when a PC in the trust zone is trying to reach out to the ADFS server in the DMZ zone the session is being reset on the server side.
I'm not certain if maybe the U-Turn NAT rules we have in place to utilize our Microsoft Traffic Manager to route traffic to our ADFS servers got messed up after the OS upgrade on the PA-5220. As a temporary workaround, we had to update the DNS record to not utilize the Microsoft Traffic Manager alias and instead add the actual ADFS IP addresses, and users are able to get to MS Office365 applications.
I appreciate your support in advance.
Thank You,
Krystin
05-04-2023 03:04 PM
Hello,
Check the logs to see if there is any blocked traffic. The newer code has new features, etc. Also check out the external dynamic list that PAN has available for o365 since its IPs rotate a lot:
Regards,