User auth is not happening for specific client IP's


(Pavan Kumar) #1

Hi,

Recently we observed for one client IP 10.205.216.135 user auth is not working. But from the same segment for other IP’s(for ex:10.205.216.134) user auth is working fine.

On digging further we got to know the TCP 3way handshake is not happening for auth URL gateway.zscalertwo.net and user is getting timeout.

We captured the packet for the user IP 10.205.216.135 and gateway.zscalertwo.net IP 199.168.151.10 on firewall and observed the TCP SYN packet is passing firewall and going to GRE tunnel but response is not coming from GRE tunnel.

As a workaround we have changed user IP to 10.205.216.137, post that I can see user auth worked successfully and everything worked as expected.

Is anyone facing similar issue. If yes, please let me know the root cause and how it is resolved.


(Ramesh M) #2

Wireshark and fiddler from the affected machine will give you more insights about the issue.

Also verify if there any policy , Nat or route at gateway cause this issue.