My company has had an issue for over a year and Palo Alto cant figure it out. We're using Azure's Palo Alto offering.
* We have a security rule that is sourced from our trusted paas and destined to Azures Paas storage. Port 1433 app id: mssql db encrypted.
* Multiple times a week traffic all of a sudden goes from being allowed under a specific rule to being denied without changes being made.(its being denied under interzone-default policy which of course is deny.
* The only way to fix the issue is to make any change and hit commit, then the packets start hitting the rule again.
* We put a fall back rule source any destination any port 1433 and any application and this still doesn't resolve the issue.
* Packets hitting other rules with different ports and app id's doesn't have this issue only packets.
Has anyone experienced this issue?
I am sorry that this is happening, and quite odd to have it behave like that. I have not heard of that happening before, must be some sort of anomaly that is causing that to happen. I would see if others have anything to say about it, but this sounds like Palo Alto Network support will need to be contacted so they can help research and find out why it is happening.
I finally figured out a work around,
the rule we had issue with had msrdp ldap and ad application along with tcp 135
I had to separate it in two rule, one with application and the other with tcp 135 only
it is working
still need to figure out why we can't have application and service in the same rule
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!