Palo Alto Networks Knowledgebase: Session Denied with "appid policy lookup deny" Message in Session Information

Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:41 PM
Content Release Deployment
Resolution

Symptom

When viewing a session with the show session id CLI command, the security rule matched is "default" and the final line shows: "appid policy lookup deny".

 

Cause

The behavior may be caused by a policy configured with Application Default as the service. When Application Default is selected as the service on a security rule, the Palo Alto Networks firewall will first check the application of the traffic. Once identified, it will compare the port used with the list of default ports for that application. If a match is not found, the firewall will drop the session with the "appid policy lookup deny" message.

 

Solution

Disable the Application Default part of the rule, or modify the existing application to include the appropriate port(s).
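
The lookup described under Cause, and the first fix under Solution, as a simplified model. This is an added example, not Palo Alto Networks code: the port table, rule names and the evaluate/explain helpers are constructed for illustration, and the application is assumed to be already identified.

```python
# Simplified model of security-rule matching when the service is
# "application-default". All names and port values below are constructed
# sample data, not read from a firewall or from vendor content.
from dataclasses import dataclass

# Constructed sample table: application -> set of (protocol, port) defaults
DEFAULT_PORTS = {
    "web-browsing": {("tcp", 80)},
    "ssl": {("tcp", 443)},
    "ssh": {("tcp", 22)},
}

@dataclass(frozen=True)
class Rule:
    name: str
    applications: frozenset  # applications the rule allows
    service: object          # "application-default", "any", or a set of (proto, port)

def service_matches(rule, app, proto, port):
    if rule.service == "any":
        return True
    if rule.service == "application-default":
        # The port in use must be one of the identified application's defaults.
        return (proto, port) in DEFAULT_PORTS.get(app, set())
    return (proto, port) in rule.service

def evaluate(rules, app, proto, port):
    """Return (rule matched, action) for a session whose application is known."""
    for rule in rules:
        if app in rule.applications and service_matches(rule, app, proto, port):
            return rule.name, "allow"
    return "default", "deny"  # nothing matched: session shows rule "default"

def explain(rules, app, proto, port):
    """Rules that allow the application but were skipped only because of the port."""
    return [r.name for r in rules
            if app in r.applications and r.service == "application-default"
            and not service_matches(r, app, proto, port)]

APPS = frozenset({"web-browsing", "ssl"})
RULES = [Rule("allow-web", APPS, "application-default")]
# Fix modelled here: replace application-default with the ports actually in use.
FIXED = [Rule("allow-web", APPS, frozenset({("tcp", 80), ("tcp", 443), ("tcp", 8080)}))]

if __name__ == "__main__":
    for label, rules in (("before", RULES), ("after", FIXED)):
        print(label, evaluate(rules, "web-browsing", "tcp", 8080),
              "skipped:", explain(rules, "web-browsing", "tcp", 8080))
```
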

 

owner: gwesson


