I would like to know about Palo Alto firewall Session End reason, why we are getting those reasons & how we can resolve the issue.
tcp-rst-from-client—> it mean the client sent a TCP reset to the server.
tcp-rst-from-server—> it mean the server sent a TCP reset to the client.
Aged-Out -> Session Time out
But I am looking for the solution how we can resolve that issue
Simillarly I would like to know about Application status:
What exactly mean by "Incomplete", "Unknow" & so on... How we can resolve these issue.
Your help would be greatly appreciated.
For session end reason you don't have to do anything on PA (unless it's actually denied by PA). And reset (either by server or client) is a normal ending of TCP session. Session time out is also a normal occurence for non TCP sessions. So no action is needed there, these are just helpful info PA provides.
Incomplete means TCP 3 way handhsake didn't finish. It can be either routing issue or just destination server not listening on that port.
Unknown-tcp (or -udp) means there is some traffic passing through FW but PA can't recognise the application. These are the cases you should investigate; what is at source IP, which service is listening at destination IP, maybe do a packet capture for this traffic...
Idea is to identify the traffic as you don't want any unknown traffic in your network. Once you identify it and find the reason you can either block it or tell PA how to identify it (by Application Override or with custom application signature).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!