Block sessions if resources not available" configuration in Decryption Profile"

Block sessions if resources not available" configuration in Decryption Profile"

18239
Created On 09/25/18 17:41 PM - Last Modified 02/23/23 04:28 AM


Symptom


In the Decryption Profile, there is an option to choose "Block sessions if resources not available" for SSL Forward Proxy and SSL Inbound inspection. What do we mean if resources are not available?

 

article-2.png

 

 

 

Environment


  • Palo Alto Firewall
  • PAN-OS 8.1
  • SSL Decryption
  • Block sessions if resources not available

Resolution


Block sessions if resources not available will kick in when the:

  1. Maximum number of decrypted sessions has been reached
  2. Client Hello references the SSL session ID, which we do not have in the firewall cache anymore
  3. Decrypt packet buffers are depleted

 Dataplane resources utilization is not monitored with this configuration.

Contact Support if assistance is needed to resolve the issue, 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClI9CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language