I have such a weird problem.
A user has to connect to a Samba server. He does it on his Mac with Cyberduck, port 999 and SSH.
In the monitor, the application is "incomplete", the action is "allow", and the session end reason is "aged-out".
Currently, the concerning firewall policy to this public server is any app and any service.
However, the connection doesn't work. It can't connect.
What's the deal here?
PS: It worked yesterday! So I think there is something wrong with the firewall (PA 3020).
I also restored the backup from yesterday, however, it doesn't work!
What can I do? Restart dataplane? Restart the whole device?
Thank you very much.
Can you ping the server from the PA? Looks like the TCP handshake is not complete. Any NAT in place? Check the detailed traffic log reason and bytes received/sent.
Yes, I can ping the public IP of the server. As source interface I used the gateway which the Mac uses.
Yes, there is NAT in place.
detailed log view:
Bytes send: 640
Bytes received: 0
Repeat Count: 1
Looks like you're stealing information :) Just post a snip of your detailed session and NAT rule for the client (wipe sensitive info from logs). What version of PAN-OS are you running?
You were right, our public NAT IP was blocked in the server's internal firewall.
PS: What effect does "Restart Dataplane" under Device -> Operations have?
When do I use it?
Good point actually, as it was a silent drop (no RST or reject received by PA). Dataplane: @reaper should have an answer. I never use that option.
The dataplane is what actually processes all of your traffic. Restarting it would essentially temporarily stop traffic from being processed while the dataplane comes back up. You really only use it if you suspect that one of the processes isn't functioning correctly and need to restart it without actually restarting the box. It's quite a bit faster than restarting the whole thing as you only have to wait for 'half' the box to come back up. This graph might help.
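The pattern diagnosed in this thread (action "allow", application "incomplete", end reason "aged-out", bytes sent but none received) can be picked out of a traffic log export in bulk and grouped by post-NAT source. This is an added example, not part of the original posts; the CSV column names, addresses and log rows are constructed assumptions, not a PAN-OS export schema.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions for this example.
SAMPLE = """\
nat_src,dst,dport,app,action,session_end_reason,bytes_sent,bytes_received
198.51.100.5,203.0.113.10,999,incomplete,allow,aged-out,640,0
198.51.100.5,203.0.113.10,999,incomplete,allow,aged-out,640,0
198.51.100.6,203.0.113.10,999,ssh,allow,tcp-fin,5120,20480
198.51.100.5,192.0.2.7,443,incomplete,allow,tcp-rst-from-server,120,60
198.51.100.5,192.0.2.9,22,incomplete,allow,aged-out,180,0
"""

def unanswered(row):
    """Policy allowed it, the client sent data, nothing came back, session timed out."""
    return (row["action"] == "allow"
            and row["app"] == "incomplete"
            and row["session_end_reason"] == "aged-out"
            and int(row["bytes_sent"]) > 0
            and int(row["bytes_received"]) == 0)

def triage(log_text):
    """Return (nat_src, dst, dport, count, answers_other_sources), most frequent first."""
    silent = Counter()
    replied_to = {}  # (dst, dport) -> set of post-NAT sources that received a reply
    for row in csv.DictReader(io.StringIO(log_text)):
        flow = (row["nat_src"], row["dst"], int(row["dport"]))
        if unanswered(row):
            silent[flow] += 1
        elif int(row["bytes_received"]) > 0:
            replied_to.setdefault(flow[1:], set()).add(flow[0])
    findings = []
    for (nat_src, dst, dport), count in silent.most_common():
        others = replied_to.get((dst, dport), set()) - {nat_src}
        findings.append((nat_src, dst, dport, count, bool(others)))
    return findings

if __name__ == "__main__":
    for nat_src, dst, dport, count, others in triage(SAMPLE):
        # A destination that answers other sources but not this one points at a
        # source-based filter on the server side, as in this thread.
        hint = ("answers other sources: check for a source filter on the server"
                if others else
                "silent for every source seen: check host, routing, upstream filters")
        print(f"{nat_src} -> {dst}:{dport} unanswered x{count}; {hint}")
```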