PAM-CMN-1167 is generated when PAM detects that something may have tampered with the traffic between the client and PAM server. In this case, I suspect that Cloudflare is reverse proxying the connection, which means that the client's SSL session is being terminated by Cloudflare and a separate SSL session is established between Cloudflare and PAM. Reverse proxying is not compatible with PAM.
I am not experienced with Cloudflare's ZTNA product; however, there may be a way to configure it with a Private Route to PAM rather than Reverse Proxy. I would work with Cloudflare; they should know how to allow PAM to establish an SSL tunnel directly between the client and the PAM server within their solution.
There are some notes in this KB that might be useful: https://knowledge.broadcom.com/external/article/107680/pam-disables-user-accounts-while-logon-v.html