Zscaler PAC File Not Loading
Zscaler PAC files do not load when URL is unreachable or syntax is invalid.
Category archive
Network Security fixes
Published troubleshooting guides for network security issues.
AWS WAF IP Set Not Updating
AWS WAF IP sets do not update when referenced by active rules.
Cloudflare WAF Managed Rule Blocking
Cloudflare WAF managed rules block legitimate traffic when sensitivity is too high.
GCP Firewall Rule Priority Conflict
GCP firewall rules conflict when priority values cause unexpected allow/deny.
Azure NSG Flow Logs Not Capturing
Azure NSG flow logs are not captured when storage account is misconfigured.
AWS Security Group Blocking
AWS security groups block traffic when ingress rules are too restrictive.
Thycotic Secret Server API Error
Thycotic API calls fail when service account permissions are insufficient.
CyberArk PAS Session Failed
CyberArk PAM sessions fail when CPM component is not reconciling.
HashiCorp Vault Seal Lost
Vault is sealed when unseal keys are lost or HSM is unreachable.
Auth0 Custom Domain SSL Expired
Auth0 custom domain certificates expire when auto-renewal is disabled.
Okta API Token Expired
Okta API integration fails when API token has expired.
Keycloak Realm Misconfigured
Keycloak authentication fails when realm or client configuration is invalid.
Authelia LDAP Bind Failed
Authelia cannot bind to LDAP when service account credentials are wrong.
Pomerium Route Policy Denied
Pomerium denies access when route policy evaluation returns false.
OAuth2 Proxy Callback Error
OAuth2 proxy authentication fails when redirect URI is not whitelisted.
JWT Validation Key Mismatch
JWT token validation fails when signing key does not match issuer.
Rate Limiter Quota Exceeded
Rate limiter rejects requests when client exceeds configured quota.
Circuit Breaker Open State
Circuit breaker opens when error rate exceeds threshold blocking requests.
Service Mesh Retry Policy Exhausted
Service mesh retries are exhausted when upstream continuously fails.
Istio Egress Gateway Not Routing
Istio egress gateway does not route external traffic when ServiceEntry is missing.
Antrea NetworkPolicy Not Enforced
Antrea network policies are not enforced when OVS flow programming fails.
Flannel Backend Not Initializing
Flannel CNI does not initialize when subnet config is missing in etcd.
Weave Net Encryption Disabled
Weave Net pod-to-pod encryption is disabled when password is not configured.
Calico Felix Not Programming Rules
Calico Felix does not program iptables when etcd backend is unreachable.
Cilium Network Policy Dropped
Cilium drops packets when network policy rules deny the flow.
Gloo Route Table Not Matching
Gloo routes do not match when virtual host configuration is incorrect.
Ambassador Host Resolution Failed
Ambassador mappings fail when service hostname cannot be resolved.
Kong Plugin Execution Error
Kong plugins fail to execute when configuration schema validation fails.
Traefik Middleware Chain Broken
Traefik middleware chains break when referenced middleware does not exist.
Consul Connect Sidecar Not Proxying
Consul Connect sidecar proxies do not forward when mTLS verification fails.
Linkerd Service Profile Validation
Linkerd service profiles reject traffic when route specifications are invalid.
Istio mTLS Strict Mode Failure
Istio mTLS strict mode blocks traffic when sidecar certificates are not rotated.
Envoy Cluster Outlier Detection
Envoy ejects hosts from cluster when outlier detection thresholds are exceeded.
Nginx TCP Upstream Timeout
Nginx TCP proxy connections timeout when upstream does not respond in time.
HAProxy Backend 503
HAProxy returns 503 when all backend servers are marked down.
Load Balancer Health Check Failing
Load balancer marks backends unhealthy when health check path or interval is wrong.
DDoS Protection Triggering False
DDoS protection activates on legitimate traffic when thresholds are too low.
WAF Blocking API Clients
Web Application Firewall blocks API clients when rule sensitivity is too high.
IDS IPS False Positive Blocking
IDS/IPS blocks legitimate traffic when signatures generate false positives.
SSL Inspection Breaking Apps
SSL inspection breaks applications when certificate pinning or mutual TLS is required.
DNS Server Not Resolving Externally
DNS server cannot resolve external names when forwarders are unreachable.
DHCP Server Not Responding
DHCP server does not respond when scope is exhausted or relay agent is broken.
HSRP VRRP State Flapping
HSRP/VRRP gateway state flaps when priority or timers are misconfigured.
LACP Bundle Not Forming
LACP port channels do not form when partner configuration is inconsistent.
VLAN Trunk Not Passing Traffic
VLAN trunk ports do not pass traffic when allowed VLAN list is misconfigured.
STP Loop Detection Blocked
Spanning tree blocks ports when loop guard or BPDU guard is triggered.
OSPF Adjacency Not Forming
OSPF adjacency does not form when area ID or hello/dead timers mismatch.
BGP Peering Down
BGP peering sessions are down when AS number or neighbor IP is misconfigured.
VPN Tunnel Not Establishing
VPN tunnels fail to establish when IKE pre-shared keys or certificate authentication mismatches.
Firewall Rule Blocking Legitimate Traffic
Firewall rules block legitimate traffic when source/destination ranges or ports are misconfigured.