Unknown TCP/443 and ICMP traffic sourced from the Prisma Access Infrastructure subnet (specifically loopback IPs) destined to various public IP addresses traversing the service connection is denied or dropped
Created On 01/31/25 00:12 AM - Last Modified 10/17/25 04:12 AM
Question
Unknown TCP/443 and ICMP traffic sourced from the Prisma Access Infrastructure subnet (specifically loopback IPs) destined to various public IP addresses traversing the service connection is denied or dropped.
Environment
- Prisma Access
- Strata Logging Services (SLS)
- ADEM
Answer
- This traffic is caused by ADEM probes generated by the Prisma Access infrastructure.
- Specifically, the probes originate from the Service Connection Gateway (SC-GW).
- Because the traffic is generated by the SC-GW itself, it will not be seen on any of the gateways and will not be displayed in SLS.
- These flows can be identified on the GW by session details that conform to the following:
    show session id xxxx

    c2s flow:
        source: x.x.x.x [dem_gre]
        dst: <<loopback_ip>>
        proto: 1
        sport: xxxx dport: xxxx
        state: INIT type: FLOW
        src user: unknown
        dst user: unknown
    s2c flow:
        source: <<loopback_ip>> [inter-fw]
        dst: <<internet_ip>>
        proto: 1
        sport: xxxx dport: xxxx
        state: INIT type: FLOW
        src user: unknown
        dst user: unknown
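The following triage helper is an added example, not part of the original article or any Palo Alto Networks tooling. It parses session output in the layout shown above and checks it against the pattern this article describes. The function names, the sample addresses (documentation ranges), the infrastructure subnet argument, and the exact matching rule are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout shown above (RFC 5737 documentation addresses).
SAMPLE = """\
c2s flow:
  source: 198.51.100.7 [dem_gre]
  dst: 192.0.2.10
  proto: 1
  sport: 3 dport: 1
  state: INIT type: FLOW
  src user: unknown
  dst user: unknown
s2c flow:
  source: 192.0.2.10 [inter-fw]
  dst: 203.0.113.50
  proto: 1
  sport: 1 dport: 3
  state: INIT type: FLOW
  src user: unknown
  dst user: unknown
"""

FLOW_RE = re.compile(r"(c2s|s2c) flow:(.*?)(?=(?:c2s|s2c) flow:|\Z)", re.S)
FIELD_RE = re.compile(r"\b(source|dst|proto|sport|dport):\s*(\S+)(?:\s+\[([^\]]+)\])?")

def parse_flows(text):
    """Return {'c2s': {...}, 's2c': {...}}; works on multi-line or flattened output."""
    flows = {}
    for direction, body in FLOW_RE.findall(text):
        fields = {}
        for key, value, zone in FIELD_RE.findall(body):
            fields[key] = value
            if zone:
                fields["zone"] = zone  # zone is printed in brackets after the source
        flows[direction] = fields
    return flows

def is_adem_probe(text, infra_subnet):
    """Assumed rule: dem_gre -> inter-fw, loopback inside infra_subnet, ICMP or TCP/443."""
    flows = parse_flows(text)
    c2s, s2c = flows.get("c2s", {}), flows.get("s2c", {})
    try:
        loopback = ipaddress.ip_address(s2c["source"])
        proto = int(s2c["proto"])
    except (KeyError, ValueError):
        return False  # incomplete or unparsable session output
    probe_proto = proto == 1 or (proto == 6 and "443" in (s2c.get("sport"), s2c.get("dport")))
    return (loopback in ipaddress.ip_network(infra_subnet) and probe_proto
            and c2s.get("zone") == "dem_gre" and s2c.get("zone") == "inter-fw")
```

Pass the tenant's own infrastructure subnet as `infra_subnet`; a session that does not match should be investigated as ordinary denied traffic rather than attributed to ADEM.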
Additional Information
Accept Default Route From Service Connection