Palo Alto Networks Knowledgebase: XenServer Open Source Virtualization Platform not Working with URL Filtering Enabled

XenServer Open Source Virtualization Platform not Working with URL Filtering Enabled

1154
Created On 02/07/19 23:39 PM - Last Updated 02/07/19 23:39 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Issue

XenServer Open Source Virtualization platform, which uses an SSL connection to manage remote servers, is not working with URL filtering enabled and a category set unknown to continue. The platform is not working even though the interested traffic is hitting the right security rule and is being allowed as per the monitor logs.

 

Cause

When traffic is identified as an unknown url category and when the action for an unknown category is set to continue, the firewall would try to present a continue page and expect a response from it. Since this is an SSL connection and not a web browser, this continue page cannot be seen and therefore traffic does not continue to flow.

 

Details

When you launch the XenServer platform and check the session details the active SSL session looks like this:

yy.JPG

If a user accesses any of the servers listed, the sessions could appear undecided and the session could look like this:

xx.JPG

The url category displays as unknown. If a user checks the respective url filtering profile, the action for the unknown category would be configured as continue.

tt.JPG

 

Resolution

If a user changes this action to alert or allow the issue will be fixed. All interested traffic will be displayed and identified as SSL. Now the servers can be accessed and the real time update could be seen as expected.

 

xxxxx.JPG

 

owner: skumar1

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClwVCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language