This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Almost all traffic identified as unknown-tcp?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Almost all traffic identified as unknown-tcp?

apackard
L4 Transporter

‎06-12-2018 12:31 PM

We are seeing some of our Palo's periodically logging (almost) all traffic as unknown-tcp.

 

As the traffic is being allowed through (and logged against) rules that do not allow it we assume this is a problem with the logs, rather than traffic being miscategorised.  However we do seem to be be experiencing some random issues that may, or mayt not be connected.

 

Rebooting the Palo seems to clear the problem.

 

Just wondering if anyone else has see this (we are 8.1.1) before opening a support call.

6 people had this problem.
4 REPLIES 4

BPry
Cyber Elite
Cyber Elite

‎06-12-2018 01:16 PM

@apackard,

I've been running 8.1.1 on some lab equipment and at home for a bit and haven't seen this issue at all; further I haven't heard of anyone else experiancing an issue like this running 8.1.*. 

That being said you probably want to open a ticket simply to at least provide PA with the logs so that they can see why you are experiancing this issue. 

0 Likes Likes

m_izk
L0 Member

‎08-02-2018 04:50 AM

Did that the problem get fixed? 

Our customer is facing with the same problem as you. (ver. 8.1.1 , pa-3020.) 

As you said, rebooting the Palo seems to clear the problem.  

0 Likes Likes

apackard
L4 Transporter
In response to m_izk

‎08-02-2018 04:54 AM

Fraid not - we're currently escalaing this with Palo.

 

In a way it's good to know others are impacted by this as we're being told it's never been seen before.

 

Interestingly for us we see this much more in our US locations - we have same hardware, same OS version, same rules in EU and Asia locations and we're seeing 90% less unknown trafic types being logged.

david.myers
L0 Member
In response to apackard

‎10-17-2018 01:35 PM

Checking to see if you ever heard back from TAC on this issue.

0 Likes Likes
  • 3846 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks