Palo Alto Networks Knowledgebase: Session Denied with "appid policy lookup deny" Message in Session Information
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:41 PM
When a session is viewed with the show session id <session-id> CLI command, the security rule listed as matched is "default" (the implicit deny that applies when no configured rule matches) and the final line of the output reads: "appid policy lookup deny".
This behavior is typically caused by a security rule whose Service is set to application-default. With application-default, the firewall first identifies the application carried by the session through App-ID. Once the application is known, it re-evaluates policy and compares the session's destination port with that application's list of standard (default) ports. If the port is not on that list, the rule no longer matches; the lookup falls through to the "default" rule and the session is dropped with the "appid policy lookup deny" message. A common trigger is a permitted application running on a non-standard port, for example web-browsing served on a port other than tcp/80.
Confirm the destination port of the denied session in the show session id output, then either replace application-default on the rule with a service object that lists the port(s) the application actually uses (include the standard ports as well if that traffic must keep matching), or set the service to any. Prefer an explicit service object: setting the service to any permits the application on every port, which removes the port-restriction that application-default provides.
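The following is an added illustration written for this article, not PAN-OS code: a small model of how a rule with Service = application-default is evaluated after App-ID has identified the session, and how the two remediations above change the outcome. The rule names, application names and the port table are constructed for the example; the authoritative list of standard ports is the application database on the firewall itself.

```python
"""Model of security-policy lookup with service = application-default.

Added illustration for the KB article above; this is not PAN-OS code.
Rule names and the DEFAULT_PORTS table are constructed for the example.
"""
from dataclasses import dataclass
from typing import FrozenSet, Sequence, Tuple, Union

Port = Tuple[str, int]  # (protocol, destination port)

# Constructed subset of App-ID standard ports. On a real firewall, check the
# application's "Standard Ports" under Objects > Applications instead.
DEFAULT_PORTS = {
    "web-browsing": frozenset({("tcp", 80)}),
    "ssl": frozenset({("tcp", 443)}),
    "ssh": frozenset({("tcp", 22)}),
}

APPLICATION_DEFAULT = "application-default"
ANY = "any"


@dataclass(frozen=True)
class Rule:
    name: str
    applications: FrozenSet[str]           # application names, or {"any"}
    service: Union[str, FrozenSet[Port]]   # "application-default", "any", or explicit ports
    action: str = "allow"


@dataclass(frozen=True)
class Session:
    application: str   # as identified by App-ID
    protocol: str
    dport: int


def service_matches(service: Union[str, FrozenSet[Port]], session: Session) -> bool:
    """Does the rule's service field accept this session's protocol/port?"""
    port = (session.protocol, session.dport)
    if service == ANY:
        return True
    if service == APPLICATION_DEFAULT:
        # Only the identified application's standard ports are acceptable.
        return port in DEFAULT_PORTS.get(session.application, frozenset())
    return port in service  # explicit service object listing ports


def rule_matches(rule: Rule, session: Session) -> bool:
    app_ok = ANY in rule.applications or session.application in rule.applications
    return app_ok and service_matches(rule.service, session)


def policy_lookup(rules: Sequence[Rule], session: Session) -> Tuple[str, str]:
    """Return (matched rule name, result). When no configured rule matches the
    identified application, the lookup falls through to the implicit "default"
    rule with the reason shown at the end of `show session id` output."""
    for rule in rules:
        if rule_matches(rule, session):
            return rule.name, rule.action
    return "default", "appid policy lookup deny"


WEB_APPS = frozenset({"web-browsing", "ssl"})

# Rule as described in the symptom: web apps allowed only on their standard ports.
BEFORE = [Rule("allow-web", WEB_APPS, APPLICATION_DEFAULT)]

# Remediation A: explicit service object. The standard ports are kept so that
# web-browsing on tcp/80 and ssl on tcp/443 continue to match.
AFTER_SERVICE = [Rule("allow-web", WEB_APPS,
                      frozenset({("tcp", 80), ("tcp", 443), ("tcp", 8080)}))]

# Remediation B: service "any". Works, but permits the application on every port.
AFTER_ANY = [Rule("allow-web", WEB_APPS, ANY)]


if __name__ == "__main__":
    nonstandard = Session("web-browsing", "tcp", 8080)
    print(policy_lookup(BEFORE, nonstandard))         # ('default', 'appid policy lookup deny')
    print(policy_lookup(AFTER_SERVICE, nonstandard))  # ('allow-web', 'allow')
    print(policy_lookup(AFTER_ANY, nonstandard))      # ('allow-web', 'allow')
```

The model deliberately separates the application check from the port check: with application-default a session can pass the application check and still fall to the default rule purely because of the port, which is exactly the case the "appid policy lookup deny" line reports.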