I have a remote clinic that can't connect to a certain web-based application on the wired network. However this clinic can connect via the wireless guest network. I don't see any access-list that explicitly blocks the public IP address of the web-based application. I can ping the application and traceroute out to the web-based applications network.
I contacted the Palo Alto firewall team and they stated they don't see the public ip addresses of the web-based app traversing the firewall.
The clinic can access all other web-sites and intranet sites.
My core switch, which is in the DMZ, forwards outbound internet traffic through a Palo Alto firewall. Traffic leaves the firewall and goes through another switch which has a connection out to the internet.
Does anyone have any ideals????