Internet traffic is unexpectedly blocked
A few things to try, either to temporarily suspend problematic blocks to allow end users to access a needed resource, or to narrow down the cause of the problem:
- Because traffic to internet destinations is allowed by default, there may be one or more existing rules that explicitly block this traffic.
- You can temporarily disable a rule that blocks desired traffic.
- To allow immediate access to a necessary destination that is being blocked by another rule, create a new access rule (using the "Enter manually" option for source and/or destination if necessary) and put this rule at or near the top of the rule list on the Policy page so it hits before more general rules that would otherwise apply to the traffic.
- Try disabling enforcement of certain web security features for a rule, in the Advanced settings at the bottom of the Security Controls section of the rule.
- Try disabling intrusion prevention (IPS) for a rule.
- Try disabling intrusion prevention (IPS) on the Rule Defaults page, which disables it for all rules that are configured to use the default setting for IPS.
- Try disabling decryption for all rules in Global Settings, which effectively disables intrusion prevention and other specified features.
- If the issue involves Microsoft 365 applications or sites that use certificate pinning, check Global Settings.
- If all traffic is blocked, make sure you have not inadvertently blocked traffic to a destination that is required infrastructure for managing access. For example, make sure there is no Geolocation rule that blocks traffic to your identity services (IdP) provider.