Focus

Report Website Access Issues

Table of Contents

Filter

Expand All | Collapse All

Prisma Access Docs

Administration
Version
- 4.0 & Later
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
Integrations
Incidents & Alerts
Release Notes
Version
- 4.2 Preferred
- 4.1 Preferred
- 4.0 Preferred
- 3.2 Preferred and Innovation
- 3.1 Preferred and Innovation
- 3.0 Preferred and Innovation
- 2.2 Preferred
China Administration

Support for Gzip Encoding in Clientless VPN

Use Remote Networks to Secure Branches

Report Website Access Issues

Some websites such as stubhub.com, ticketmaster.com, or dollartree.com, block traffic from the AWS cloud IP address range. When users who are secured by Prisma Access attempt to access these websites, they can be denied access with the following message on the web browser:

Access Denied.

				You don't have permission to access "http://www.dollartree.com/" on this server. Reference #18.7f955b8.1509600370.44eb7c8

To report this problem, enter https://reportasite.gpcloudservice.com/ from a web browser and provide the URL of the website that is inaccessible. After 24-48 hours, return to https://reportasite.gpcloudservice.com/ and enter the same URL to see its status.

Palo Alto Networks provides you with the IP address that is used by the URL; in some cases, you must add this IP address to your organization’s allow lists so that this traffic is not blackholed. If you have URLs that get redirected, add these IP addresses to your allow lists:

65.154.226.160

154.59.126.110

66.232.36.110

Prisma Access URL Redirect Process

Some websites block traffic from a cloud IP address range. When users who are secured by Prisma Access attempt to access these websites, they can be denied access. In order to ensure that access to these websites is restored, Palo Alto Networks reviews all such reported sites and, if an access issue is found, categorizes the site and adds an egress policy that NATs the IP address to one that can be accessed. Palo Alto Networks thoroughly reviews the sites to determine their reputation and only websites with a pristine reputation are added to the egress rule, while the others are rejected, using this process:

You notify us of the URL with access issues using https://reportasite.gpcloudservice.com/.

Site Reliability Engineering (SRE) automation reviews the URL.

If SRE determines the URL to be safe, a policy-based forwarding (PBF) rule is applied to the URL and its parent domain.

The traffic is routed via Prisma Access from the GlobalProtect gateway or remote network to a URL processing hub, where the PBF rule is applied to the domain, and from the hub to a Palo Alto Networks data center.

As traffic egresses from the data center, the URL is source NATted to the IP address of the data center.

As a result of these actions, traffic to and from the SaaS applications is not dropped because the data center IP address has a clean reputation.

Support for Gzip Encoding in Clientless VPN

Use Remote Networks to Secure Branches

Prisma Access Docs

Report Website Access Issues

Prisma Access Docs

Report Website Access Issues

Recommended For You

Activation & Onboarding

SASE

Cloud-Delivered Security Services

Network Security

Agents & Agentless

Visibility & Monitoring

Best Practices

Experts Corner