Traffic not reaching the internet through the newly configured Explicit proxy

Traffic not reaching the internet through the newly configured Explicit proxy

307
Created On 11/06/25 14:59 PM - Last Modified 01/16/26 03:41 AM


Symptom


  • Traffic through the explicit proxy is not reaching the internet.
  • The NAT policy used for upstream connections showing hit count zero.
  • The security policy from proxy zone to upstream (internet) zone showing hit count zero.
  • From CLI, source client have one session being created for listening interface, no trace of an upstream interface.

LOG ERROR (Envoy log):

[2025-10-31 16:40:02.270][9744][trace][pool] [source/common/conn_pool/conn_pool_base.cc:129] not creating a new connection, shouldCreateNewConnection returned false.

Environment


  • NGFW with web proxy capability
  • PanOS >= 11.0
  • Secure Web Gateway ( proxy ) configured.
  • Transparent
  • Explicit proxy

Cause


Software issue PAN-208794

Resolution


  1. Edit the virtual router settings with any minor change and commit again. 
  2. Any changes to the network/interfaces or network/virtual routers usually fixes this issue.
  3. Alternatively, you may try rebooting the firewall. This issue disappears following reboot after the swg (secure web gateway) is setup and configured.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000TOIHKA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail