Prisma Access instances fail getting External Dynamic List of EDL Hosting Service

Created On 08/29/23 02:37 AM - Last Modified 12/11/24 10:07 AM


Symptom


  • Prisma Access instances fail to retrieve External Dynamic Lists from the EDL Hosting Service.
  • Traffic logs show that the traffic is identified as "SSL" and matches a deny rule.


Environment




Cause


The session application is identified as "SSL" rather than "paloalto-shared-services", and therefore does not match the intended Security Policy "GPCS-outbound-paloalto-service".



Resolution


The SNI "saasedl.paloaltonetworks.com" will be added to the "paloalto-shared-services" Application. Once this is available, we will detect EDL traffic as "paloalto-shared-services" and match the default Security Rule "GPCS-outbound-paloalto-service". The fix is targeted for the end of February 2025.



Additional Information


As a workaround, add a security policy that allows the traffic to the EDL Hosting Service.


