Error message 'Direct Internet Reachability Down" and "Site Connectivity degraded" alarms when the link is actually working

Error message 'Direct Internet Reachability Down" and "Site Connectivity degraded" alarms when the link is actually working

1596
Created On 11/01/22 00:46 AM - Last Modified 10/31/23 23:24 PM


Symptom


Customer is seeing  'DIRECT INTERNET REACHABILITY DOWN' 'Site Connectivity degraded' alarm for the internet port while they confirmed that there is no issue with ISP.

Environment


  • Prisma SD-WAN
  • ION Devices
  • Firewall is connected to the Internet port of ION device

Cause


  • Required ICMP connectivity was blocked by the Firewall Rule.
  • The following IP addresses and URLS need to be permitted.
WAN Layer 3
Reachability
ICMP
 
Outbound
ION Internet Port IP Address
8.8.8.8
8.8.4.4
208.67.222.222
208.67.220.220
WAN Layer 3
Reachability
TCP
80
Outbound
ION Internet Port IP Address
captive.apple.com
clients3.google.com


 

Resolution


  1. Permit the above IP addresses and URLs by modifying the rule on the connected devices in path.
  2. If the issue persists check if any other required IP addresses are blocked as per the documentation.
  3. If the issue persists after the above correction, contact Support.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kEz1CAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail