QuickBooks Maintenance Release update fails

QuickBooks Maintenance Release update fails

3203
Created On 05/18/20 23:22 PM - Last Modified 05/18/20 23:23 PM


Symptom


- The maintenance release update for QuickBooks (Intuit) application was failing when a Security Profile was added to the rule.
- Without Security Profile, it works fine.

Maintenance Release Update failing with error

Environment


PAN-OS: Security Policy configured with Security Profile for L7 inspection.

Cause


- By default, 'Allow HTTP partial response' option is Enabled under Device, Setup, Content-ID settings.
- In the configuration on this support case, the option was not Enabled.
- From CLI 
taha@GBC-FW01> configure
Entering configuration mode
[edit]

taha@GBC-FW01# show deviceconfig setting ctd
ctd {
  strip-x-fwd-for yes;
  x-forwarded-for yes;
  allow-http-range yes;   <<<<<<<<<<<
  tcp-bypass-exceed-queue yes;
  udp-bypass-exceed-queue no;
}
[edit]
taha@GBC-FW01#


- Firewall detects the Partial Response and generates the global counter 'Number of HTTP range responses detected by ctd'.
- Packets with HTTP Partial response are dropped on the firewall if not Allowed.
 

 

Resolution


- Allow HTTP partial response can be enabled from GUI, under Content-ID settings.
Or
- Enable from CLI, 
taha@GBC-FW01> configure
Entering configuration mode
[edit]
taha@GBC-FW01# set deviceconfig setting ctd allow-http-range yes

[edit]
taha@GBC-FW01# commit

Or
- To revert the changes back to default, 
taha@GBC-FW01# delete deviceconfig setting ctd allow-http-range

[edit]
taha@GBC-FW01# commit

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U6iCAE&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail