TCP-RST-FROM-CLIENT

Reply
L2 Linker

Re: TCP-RST-FROM-CLIENT

Is there a better way than a screen shot?

 

Here's the ruleset I have, only NetAdmin and NTP work at this time.

temptrip-rules.png

L6 Presenter

Re: TCP-RST-FROM-CLIENT

Do you have any security profiles applied for the policies? Anything in the threat logs? Temptrip HTTPS policy service tab got only service port name changed l guess (is it still 443). Your policies can be combined into a single (1) rule. Did you test with application and services as any, without the security profiles (if any) or even to bypass the Palo?

L2 Linker

Re: TCP-RST-FROM-CLIENT

I got my SE on the case and while studying packet-captures it suddenly seemed like the communication was great until the packets got big. We wondered if it could be an MTU problem.

 

I put a laptop in the PA220's place and ran through the connections at MTU 1500 - AOK.

Put the laptop in the client's place and had to drop down to 1400 to get the transfers to go.

 

We couldn't find anywhere in the PA220 where MTU was set below default (1500?) but when we turned on jumbo-frames and set the GlobalMTU at jumbo-default, and rebooted, all flows pass properly.

 

Yay, but really?!

Highlighted
L2 Linker

Re: TCP-RST-FROM-CLIENT

i'll eat my crow now...

 

Problem solved:

Bad cable/ethernet jack on upstream router. All successful connections correlate with events where a coworker was forcing the lab traffic over a different link. His timing just made my troubleshooting harder.

 

Layer 1 sure gets in the way when you're think 4 through 7.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!