Intermittent firewall/application issue

L0 Member

Hello,

I apologize if I posted in the wrong area. To start off with, we just got our PA-820 recently. We have a weird issue, where one day an application will work without problems and another day the Instant Messaging part of the app fails to connect.

I looked at the logs yesterday when it wasn't working and noticed a lot of logs in the traffic section showing the destination IP address for the service and port 5280, with the Session end showing "TCP-RST-from-Server". I tested the application with a mobile hotspot and it worked just fine, so I limited it down to the firewall.

Today the application is working and when searching the logs, nothing shows up.

I'm kind of at a loss where to start as I'm learning about managing the firewall. I think it has something to do with SSL encryption, but it's just my hunch. Ideas?

L7 Applicator


@RandyRuedas,

It would be helpful to know which application you are actually having issues with, so that we can properly troubleshoot. Without that we're troubleshooting something that could be a known issue. 

Generally speaking, RST from Server wouldn't be caused by the firewall, as the traffic according to the log made it to the server perfectly fine and it was the server itself that sent the reset. This could be a range of issues.

Are you by chance decrypting this traffic or have you not set that up yet? 

L0 Member

@BPry

Mitel Connect is the application which uses port 5280, and we have another program, CDK DRIVE, that also uses port 5280.

The strange part is yesterday there were over 120+ PCs showing in the logs when searching port 5280. Yesterday my IP address was in this list and the IM part of the program wasn't working.

Today if I search by port 5280 it shows logs for 37 IP addresses. I'm not in that list of IP addresses and it works fine today.

I thought all traffic showed in the traffic log? Is it when there is an issue with SSL encryption? I read there was an issue when multiple applications share the same port, but that was fixed in 8.0.0.8 and I'm running 8.1.1.

Under Policies > Decryption we have nothing configured yet.

Log from my IP address yesterday.

[Image: image.png]
