Post OS Upgrade for PA-5220 from 9.1.4 to 10.2.3-h4 Users Started Experiencing Issues with Accessing MS Office 365 Applications Internally

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Post OS Upgrade for PA-5220 from 9.1.4 to 10.2.3-h4 Users Started Experiencing Issues with Accessing MS Office 365 Applications Internally

L0 Member

Hi There,

 

Recently, we upgraded the OS on our PA-5220 from 9.1.4 to 10.2.3-h4. Immediately after we upgraded to 10.2.3-h4 our helpdesk began receiving calls from users reporting that they cannot get logged into MS Office365 Applications, it'll never bring them to the MS prompt to input their Office365 email/password it'll just say "Can't reach this page." 

 

From monitoring the traffic on the firewall, it looks like when a PC in the trust zone is trying to reach out to the ADFS server in the DMZ zone the session is being reset on the server side. 

 

I'm not certain if maybe the U-Turn NAT rules we have in place to utilize our Microsoft Traffic Manager to route traffic to our ADFS servers got messed up after the OS upgrade on PA-5220. As a temporary work around, we had to update the DNS record to not utilize the Microsoft Traffic Manager alias and instead add the actual ADFS IP addresses and users are able to get to MS Office365 applications. 

 

I appreciate your support in advance.

 

Thank You,

Krystin 

1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

Check the logs to see if there is any blocked traffic. The newer code has new features, etc. Also check out the external dynamic list that PAN has available for o365 since its IP's rotate a lot:

OtakarKlier_0-1683237846829.png

 

Regards,

  • 1340 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!