12-22-2021 02:12 AM
Hello,
We encountered an issue with a SaaS service. We created a security rule,
but randomly we had issues connecting to the application. After a packet capture, I saw a lot of TCP retransmissions and client resets.
When I checked the Panorama logs I saw that the rule is not matched and the flow is denied, but I don't understand why, because the security rule should be permissive enough.
Did you already encounter this issue?
Thank you for your feedback.
12-25-2021 02:36 PM
Thank you for the post @jguffroy
Based on the screenshot you supplied it is not clear what the root cause is. Would it be possible to navigate in the log to the very left side and click on the magnifying glass, get the session ID from the denied and the allowed log entries, then navigate to the firewall's CLI and check/compare the details of each session?
show session id <session id>
Kind Regards
Pavel
12-25-2021 02:43 PM
If you have an FQDN as the destination address, then that can be an issue if the IP of the URL changes and it is not refreshed on the PA.
The default FQDN timer is 30 mins.
You can click on the destination address under Address and then click on the FQDN to see which IP it resolves to and compare it with the deny rule.
You can also refresh the FQDN so it learns the new IP of the FQDN.
Regards
12-25-2021 02:45 PM
Also check this URL:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHJCA0
Regards