can not able to download file after enable ssl decryption

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

can not able to download file after enable ssl decryption

L2 Linker

Hi Team ..

We have enable ssl decryption then we could not able to download big file. 

Downloading starts and after some time it automatically in reach to pause state.

We disable SSL decryption then we could able to download file. 

Firewall side we did not receive any drop packet but global counter we have received the below the counter. 

 

admin@PA-EBTTIKAR-1(active)> show counter global filter packet-filter yes delta yes

Global counters:
Elapsed time since last sampling: 1.165 seconds

name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_outstanding 13550 11630 info packet pktproc Outstanding packet to be transmitted
pkt_alloc 18419 15810 info packet resource Packets allocated
session_freed 20 17 info session resource Sessions freed
flow_np_pkt_xmt 11323 9719 info flow offload Packets transmitted to offload processor
flow_fwd_mtu_exceeded 4196 3601 info flow forward Packets lengths exceeded MTU
flow_ipfrag_frag 8394 7205 info flow ipfrag IP fragments transmitted

log_traffic_cnt 18 15 info log system Number of traffic logs
proxy_sessions 4294967295 3686667206 info proxy pktproc Current number of proxy sessions
proxy_sessions_forward 4294967295 3686667206 info proxy pktproc Current number of SSL-Forward decrypted session

=======

admin@PA-EBTTIKAR-1(active)> show counter global filter packet-filter yes delta yes

Global counters:
Elapsed time since last sampling: 1.410 seconds

name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_outstanding 15139 10736 info packet pktproc Outstanding packet to be transmitted
pkt_alloc 20608 14615 info packet resource Packets allocated
session_freed 21 14 info session resource Sessions freed
flow_np_pkt_xmt 12644 8967 info flow offload Packets transmitted to offload processor
flow_fwd_mtu_exceeded 4709 3339 info flow forward Packets lengths exceeded MTU

ha_session_teardown_msg_sent 20 14 info ha pktproc HA: session teardown messages sent
ha_session_update_msg_sent 341 241 info ha pktproc HA: session update messages sent
log_traffic_cnt 21 14 info log system Number of traffic logs
proxy_sessions 4294967295 3046076095 info proxy pktproc Current number of proxy sessions
proxy_sessions_forward 4294967295 3046076095 info proxy pktproc Current number of SSL-Forward decrypted sessions

=====

from global counter. I can see that proxy_sessions  rate and value are always.4294967295 3046076095

 

from packet capture we can able to see zero-window and it is from firewall. 

 

PAN_OS 9.1.7 and 3220 .

 

Could you please advice  how to resolve this issue or firewall is having heavy load due to SSL decryption 

 

 

3 REPLIES 3

L2 Linker

Tx.pcap file.

=======

 

bit_byte_0-1616404982450.png

 

L1 Bithead

We have this same issue as well. Any help from the community would be much appreciated!

L0 Member

Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.

 

 

Dunkinrunsonyou

  • 3016 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!