Site can´t be reached - application incomplete

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Site can´t be reached - application incomplete

L1 Bithead

Hi

I hope you can help me, through the Prisma Access network I can't reach the site "www.solicitator.org" when checking the log present "Application Incomplete". The site is accessible to the disconnected GlobalProtect.

 

evidencia1.png

 

What can be done so that the site is accessible through Prisma?

1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

In contact with Palo Alto were unable to get the package collected by accessing the site in question, a workaround suggested putting the split tunnel site to go through outside the VPN communication.

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

As Prisma Access is based on Palo Alto Firewalls in the background and for me the server does not return a reply to the Prisma Access cloud and this is why data can't be returned. Better check after the prima access if there is something blocking traffic comming from the prisma access source IP addresses like router/firewall before the server or the server itself.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC

 

 

If you see that the server pcap it returns reply and that the routers/firewalls do not block anything then raise a case as with Prisma Access you can't do pcap captures or see global counters or flow debugs etc. as this is something the Palo Alto TAC can do in Prisma Access. This is the cloud it is easier but you have less control 🙂

 

https://live.paloaltonetworks.com/t5/general-topics/knowledge-sharing-palo-alto-checking-for-drops-r...

 

 

You may test the Autonomous DEM, enable it just for group of users and proble the application as it will show you if the issue is in Prisma Access cloud or outside of it in most cases,

 

https://docs.paloaltonetworks.com/autonomous-dem/autonomous-dem-in-prisma-access/go-to-autonomous-de...

 

https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/deployment-and-integrations/3-1-2/prisma-acce...

 

https://docs.paloaltonetworks.com/autonomous-dem/autonomous-dem/set-up-an-autonomous-dem-application...

 

https://www.youtube.com/watch?v=jYv8VhH4I4o

 

Hi,

 

Thanks, I will do these tests and then inform you if I was successful or not.

 

If you managed to get the needed answers, please flag the question as answered.

L1 Bithead

In contact with Palo Alto were unable to get the package collected by accessing the site in question, a workaround suggested putting the split tunnel site to go through outside the VPN communication.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!