Packets being denied intermittently.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Packets being denied intermittently.

L0 Member

My company has had an issue for over a year and Palo Alto cant figure it out.  We're using Azure's Palo Alto offering.

 

* We have a security rule that is sourced from our trusted paas  and destined  to Azures Paas storage.  Port 1433 app id: mssql db encrypted.

* Multiple times a week traffic all of a sudden goes from being allowed under a specific rule to being  denied without changes being made.(its being denied under interzone-default  policy which of course is deny.

* The only way to fix the issue is to make any change and hit commit, then the packets start hitting the rule again.

*  We put a fall back rule source any destination any port 1433 and any application and this still doesn't resolve the issue.

* Packets hitting other rules with different ports and app id's doesn't have this issue only packets.

 

Has anyone experienced this issue? 

5 REPLIES 5

L7 Applicator

@RobertPratt 

I am sorry that this is happening, and quite odd to have it behave like that.   I have not heard of that happening before, must be some sort of anomaly that is causing that to happen.  I would see if others have anything to say about it, but this sounds like Palo Alto Network support will need to be contacted so they can help research and find out why it is happening.

LIVEcommunity team member
Stay Secure,
Joe
Don't forget to Like items if a post is helpful to you!

L0 Member

Hello @RobertPratt,

Did you resolved this issue?

Julien GUFFROY

Hello the issue was with the fqdn.  I put a catch all rule at the bottom and used ip address instead of fqdn and we havent had the issue since. 

 

Thanks. 

L0 Member

Hello 

I am experiencing the exact same issue but I do not use fqdn 

the same packet is allow by one rule and right after deny by intrazone rule 

any one else ?

I finally figured out a work around, 

the rule we had issue with had msrdp ldap and ad application along with tcp 135 

 

I had to separate it in two rule, one with application and the other with tcp 135 only 

it is working 

 

still need to figure out why we can't have application and service in the same rule

  • 4783 Views
  • 5 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!