Packet Deny even if there is an allow rule


L0 Member



We've encountered an issue with a SaaS service. We created a security rule




but randomly we had issues connecting to the application. After a packet capture, I saw a lot of TCP retransmissions and client resets.



When I checked the Panorama logs I saw that the rule is not matched and the flow is denied, but I don't understand why, because the security rule should be permissive enough.



Have you already encountered this issue?


Thank you for your feedback.





Cyber Elite

Thank you for the post @jguffroy


Based on the screenshot you supplied, it is not clear what the root cause is. Would it be possible to navigate in the log to the very left side and click on the magnifying glass, get the session ID from the denied and allowed logs, then navigate to the firewall's CLI and check/compare the details of each session?


show session id <session id>


Kind Regards


Help the community: Like helpful comments and mark solutions.

Cyber Elite



If you have an FQDN as the destination address, then that can be an issue if the IP changes on the URL and it is not refreshed on the PA.

The default FQDN timer is 30 mins.


You can click on the Destination address under address and then click on FQDN to see which IP it resolves to, and compare it with the deny rule.


You can also refresh the FQDN so it learns the new IP of the FQDN.
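
A simplified model of the stale-FQDN situation described in the reply above, added here as an illustration (it is not part of the original thread and not Palo Alto Networks code). It assumes the firewall re-resolves the FQDN at a fixed interval and matches on that snapshot until the next refresh; the DNS timeline, flow list and function names are constructed for the example.

```python
from bisect import bisect_right

REFRESH = 30 * 60  # seconds; the 30-minute default FQDN timer mentioned above

# Constructed DNS history for a hypothetical SaaS FQDN: (start time in seconds,
# answer set served from then on). Addresses are documentation ranges.
DNS_TIMELINE = [
    (0,    {"203.0.113.10", "203.0.113.11"}),
    (700,  {"203.0.113.11", "198.51.100.20"}),
    (2500, {"198.51.100.20", "198.51.100.21"}),
]

def answers_at(t):
    """IPs a client resolving the FQDN at time t would receive."""
    starts = [s for s, _ in DNS_TIMELINE]
    return DNS_TIMELINE[bisect_right(starts, t) - 1][1]

def cache_at(t, refresh=REFRESH):
    """Assumed model: the firewall resolves at t=0 and every `refresh` seconds,
    and matches the address object on that snapshot until the next refresh."""
    return answers_at((t // refresh) * refresh)

def classify(flows, refresh=REFRESH):
    """Label each (time, dst_ip) flow: allow, deny-stale-fqdn or deny-other."""
    result = []
    for t, dst in flows:
        if dst in cache_at(t, refresh):
            verdict = "allow"
        elif dst in answers_at(t):
            verdict = "deny-stale-fqdn"  # DNS already serves it, firewall does not know it
        else:
            verdict = "deny-other"       # not an address of this FQDN at all
        result.append((t, dst, verdict))
    return result

def stale_windows(horizon, refresh=REFRESH):
    """Intervals [start, end) in which DNS serves IPs missing from the snapshot."""
    edges = sorted({s for s, _ in DNS_TIMELINE if s < horizon}
                   | set(range(0, horizon, refresh)) | {horizon})
    return [(a, b, answers_at(a) - cache_at(a, refresh))
            for a, b in zip(edges, edges[1:])
            if answers_at(a) - cache_at(a, refresh)]

# Constructed flows: (seconds since start, destination IP), as read from traffic logs.
FLOWS = [(600, "203.0.113.10"), (900, "198.51.100.20"), (1900, "198.51.100.20"),
         (2600, "198.51.100.21"), (2600, "192.0.2.99")]

if __name__ == "__main__":
    for row in classify(FLOWS):
        print(row)
    for start, end, missing in stale_windows(3600):
        print(f"{start}-{end}s: served by DNS, unknown to firewall: {sorted(missing)}")
```

In this model the same destination is denied at 900 s and allowed at 1900 s, which matches the "random" pattern: whether a connection passes depends on which address the client resolved and when the object was last refreshed.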



