We are seeing some of our Palos periodically logging (almost) all traffic as unknown-tcp.
As the traffic is being allowed through (and logged against) rules that do not allow it, we assume this is a problem with the logs, rather than traffic being miscategorised. However, we do seem to be experiencing some random issues that may or may not be connected.
Rebooting the Palo seems to clear the problem.
Just wondering if anyone else has seen this (we are 8.1.1) before opening a support call.
I've been running 8.1.1 on some lab equipment and at home for a bit and haven't seen this issue at all; further, I haven't heard of anyone else experiencing an issue like this running 8.1.*.
That being said, you probably want to open a ticket simply to at least provide PA with the logs so that they can see why you are experiencing this issue.
Fraid not - we're currently escalating this with Palo.
In a way it's good to know others are impacted by this as we're being told it's never been seen before.
Interestingly, for us we see this much more in our US locations - we have the same hardware, same OS version, same rules in EU and Asia locations and we're seeing 90% less unknown traffic types being logged.