04-15-2024 01:44 AM
Dear Team,
Greeting...!
We are trying to access one URL from behind the palo alto, it was accessible but we are not able to log in to that URL, and when we checked using a mobile hotspot it was login successfully.
Additionally, we checked the traffic logs and created a new security rule for the specific source to the destination to allow any service.
but, we facing the same issue, and the session end reason is showing as NA.
Also, we are able to telnet from the source user on port 443.
Can anyone face same issue? please help us on this with your expertise...
04-15-2024 01:09 PM
Is your URL being blocked by URL Filtering/Malware detection? Check you logs in Monitor->Threat and Monitor->URL Filtering to see if the connection is being blocked and why. Try testing the URL at https://urlfiltering.paloaltonetworks.com/query/ (or "test url $URL" on the CLI) to determine how it is categorized.
If the URL itself is fine, there may be an additional third-party resource buried in the webpage coding. Try using Chrome, go to Settings->More Tools->Developer Tools, open the Network tab, and then load the page. Look for red items have a 4xx/5xx error code or connection reset. It may be a resource that the PA is blocking.
04-16-2024 07:18 AM
Hi @Adrian_Jensen ,
We have checked the HAR logs, also attached the snapshot of that,
Can you please let us know what action we need to do here.
04-16-2024 11:29 AM
The images show that font files and the favicon on service.konicaminolta.eu and adfs.kamicamoniolta.eu are not found. That is unlikely to be the cause of the problem. Both FQDNs are categorized as Business-Economy/Low-Risk, so are unlikely to be URL filtered.
You said above that the session end reason is "NA". I am unsure as to why that would be as NA is not a valid session end reason as far as I am aware. Are you sure you are looking at a session end traffic log and not a session start traffic log? From your Security Policy, you can log traffic on the start and/or end of the session (Policies->Security->[rule]->Actions->Log at session Start/Log at Session End). Start logs will show as "start" in the "Type" column of Traffic Logs and "Details: Type: start" in the log detail. A start log would have no session end reason as it is logged at the start of a session.
Are you performing traffic decryption of you outbound traffic? service.konicaminolta.eu appears to be a ServiceNow website. We exclude our ServiceNow portal from decryption as we previously had decryption problems with it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
.png){kind=link}