Global counter "flow_policy_no_zone_i" seen and traffic is dropped by Firewall

Created On 03/07/19 17:59 PM - Last Modified 12/06/22 13:25 PM


Symptom


Traffic between a specific source and destination is dropped by the firewall, and the following global counter increments:
flow_policy_no_zone_i 4 0 drop flow session Session setup: no incoming zone

For how to check global counters for a specific source and destination, see the article below:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS

 


Environment


  • Firewall: Any Hardware or VM firewall
  • Software version: 8.x.x


Cause


The incoming interface does not have a security zone assigned.

Resolution


  •  Check the incoming interface on which the traffic is supposed to be received
  •  Check whether a security zone is assigned to that interface
  •  If a security zone is not assigned, the firewall will drop the traffic

This can be checked under Network -> Interface: check the destination interface where traffic is supposed to exit.

If this issue affects VPN traffic that is not being passed, make sure that the tunnel interface associated with the IPsec tunnel has the correct zone assignment.
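
As an added example (not part of the original article and not Palo Alto Networks tooling), the same check can be run offline against an exported configuration to list every layer 3 and tunnel interface that no zone includes. The XML element layout, the sample configuration and the function name `interfaces_without_zone` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed to the elements the check reads. The element
# layout is an assumption modelled on an exported PAN-OS configuration.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <network><interface>
    <ethernet>
      <entry name="ethernet1/1"><layer3/></entry>
      <entry name="ethernet1/2"><layer3><units>
        <entry name="ethernet1/2.100"/>
      </units></layer3></entry>
      <entry name="ethernet1/3"><layer3/></entry>
    </ethernet>
    <tunnel><units>
      <entry name="tunnel.1"/>
      <entry name="tunnel.2"/>
    </units></tunnel>
  </interface></network>
  <vsys><entry name="vsys1"><zone>
    <entry name="trust"><network><layer3>
      <member>ethernet1/1</member>
      <member>ethernet1/2</member>
    </layer3></network></entry>
    <entry name="vpn"><network><layer3>
      <member>tunnel.1</member>
    </layer3></network></entry>
  </zone></entry></vsys>
</entry></devices></config>
"""

def interfaces_without_zone(config_xml):
    """Return sorted names of layer 3 and tunnel interfaces in no zone."""
    root = ET.fromstring(config_xml)
    defined = set()
    for net in root.findall("devices/entry/network/interface"):
        for port in net.findall("ethernet/entry"):
            if port.find("layer3") is None:
                continue  # not a layer 3 port; outside this check
            defined.add(port.get("name"))
            # Each subinterface needs its own zone membership.
            defined.update(u.get("name") for u in port.findall("layer3/units/entry"))
        # Tunnel interfaces used by IPsec tunnels are zoned the same way.
        defined.update(t.get("name") for t in net.findall("tunnel/units/entry"))
    members = root.findall("devices/entry/vsys/entry/zone/entry/network/*/member")
    zoned = {m.text.strip() for m in members if m.text}
    return sorted(defined - zoned)

if __name__ == "__main__":
    for name in interfaces_without_zone(SAMPLE_CONFIG):
        print(f"{name}: no security zone assigned")
```

Any interface it reports would cause the session setup drop described above for traffic arriving on it.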

