About Jafar_Hussain

@BPry  I want to add one more point, i have analyzed the counter again and found the below value:-    Number of ssl sessions can't be decrypted because of out of resources proxy_l2hdr_extended 13 1 info proxy pktpro   apart from this 9 other SSL inbound policy is working perfectly. ... View more

@BPry  I analyze the packet capture and found below:-   1 - Paloalto only support limited Elliptic curves which are received by server hello:-   bu in this packet capture i am not able to find any Elliptic curve detail. Supported elliptic details are below:- P-192 (secp192r1) P-224 (secp224r1) P-256 (secp256r1) P-384 (secp384r1) P-521 (secp521r1)     https://docs.paloaltonetworks.com/compatibility-matrix/supported-cipher-suites/cipher-suites-supported-in-pan-os-8-1/cipher-suites-supported-in-pan-os-8-1-decryption   2 - I have gone through the below documents and found the extension: extended_master_secret is same for client and server hello. https://smartnets.wordpress.com/2016/11/07/palo-alto-firewalls-unable-to-decrypt-ssl-inbound-traffic/       But i am not sure what is the reason i am getting decryption error intermittently. ... View more

@BPry  When i login in website page the decryption showing traffic is decrypted. after login once i click any functionality like transaction the traffic is showing decrypt-error. didn't apply any decryption profile, it is none. ... View more

@SutareMayur  Thanks for the information. appreciate your response. ... View more

@Chris_Johnston @MP18    Yes this is a new setup. i have gone through the documents and changed the service account with ssl/tls 636 port.   My LDAP, UID, DNS service route changed via data plane interface  I have tried everything but still, the issue is the same.     ... View more

@MP18  Not yet. ... View more

@MP18  I took the packet capture and found the SYN packet is going towards the server but didn't get any ACK from the server side. then TCP retransmission packet has been captured. ... View more

@MP18  Thanks for your reply, my concern is why the firewall deny traffic once i configure the security policy-1 and given the IP address in destination, however, once i created the object for the same IP address and allow in destination all are working fine. This issue is occurring only for one IP address rest are working fine. I am not able to find out the reason. ... View more

@OtakarKlier  Yes , i have checked the same , once i applied policy-1 it will bypass all the policy and heat directly to deny any-any. And i can see the traffic is dropped.     ... View more

Resolution:- Once i create a object for that IP address and allow in security policy after that it is working fine.   But i am not able to find the root cause of this issue. ... View more

I have tried all the possibility but still is not working. Has anyone other solution for this. ... View more

@vsys_remo    I have scheduled at midnight it not yet update in my firewall. As well as when i check the threat id 354554856 in https://threatvault.paloaltonetworks.com   I could not find any signature there. ... View more

@BPry  Thanks Got it. ... View more

@BPry  Ok i will check this. One more point i want to add. i took the packet capture with working and non-working condition. I got a drop file from the GUI( I checked in Wireshark client is sending the SYN packet but after that didnt get any response from server side)  .in the non-working condition at the same time i ran the counter but didn't get any drops in CLI. below are the counter logs. This behaviour i checked with policy(2).   (active)> show counter global filter packet-filter yes delta yes Global counters: Elapsed time since last sampling: 25.181 seconds name value rate severity category aspect description -------------------------------------------------------------------------------- pkt_alloc 15 0 info packet resource Packets allocated pkt_inconsist 5 0 info packet pktproc Packet buffer pointer inconsistent flow_policy_deny 5 0 drop flow session Session setup: denied by policy flow_host_pkt_xmt 10 0 info flow mgmt Packets transmitted to control plane flow_host_vardata_rate_limit_ok 10 0 info flow mgmt Host vardata not sent: rate limit ok -------------------------------------------------------------------------------- Total counters shown: 5 -------------------------------------------------------------------------------- (active)> (active)> show counter global filter packet-filter yes delta yes severity drop Global counters: Elapsed time since last sampling: 14.115 seconds -------------------------------------------------------------------------------- Total counters shown: 0 -------------------------------------------------------------------------------- (active)> show counter global filter packet-filter yes delta yes severity drop Global counters: Elapsed time since last sampling: 3.963 seconds -------------------------------------------------------------------------------- Total counters shown: 0 -------------------------------------------------------------------------------- ... View more

@BPry  It, means i need to wait for a next Antivirus signature update? ... View more

@BPry  Thanks for your reply. Sorry for that i don't have a screenshot right now, i have given the example of IP's. i want to give the specific IP's in the destination. i can not give destination address - ANY. Once i disable policy(1) it will bypass policy(2) and heat the deny policy which i have configured at last.       ... View more