Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-22-2021 02:21 AM
Hi Team ..
We have enable ssl decryption then we could not able to download big file.
Downloading starts and after some time it automatically in reach to pause state.
We disable SSL decryption then we could able to download file.
Firewall side we did not receive any drop packet but global counter we have received the below the counter.
admin@PA-EBTTIKAR-1(active)> show counter global filter packet-filter yes delta yes
Global counters:
Elapsed time since last sampling: 1.165 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_outstanding 13550 11630 info packet pktproc Outstanding packet to be transmitted
pkt_alloc 18419 15810 info packet resource Packets allocated
session_freed 20 17 info session resource Sessions freed
flow_np_pkt_xmt 11323 9719 info flow offload Packets transmitted to offload processor
flow_fwd_mtu_exceeded 4196 3601 info flow forward Packets lengths exceeded MTU
flow_ipfrag_frag 8394 7205 info flow ipfrag IP fragments transmitted
log_traffic_cnt 18 15 info log system Number of traffic logs
proxy_sessions 4294967295 3686667206 info proxy pktproc Current number of proxy sessions
proxy_sessions_forward 4294967295 3686667206 info proxy pktproc Current number of SSL-Forward decrypted session
=======
admin@PA-EBTTIKAR-1(active)> show counter global filter packet-filter yes delta yes
Global counters:
Elapsed time since last sampling: 1.410 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
pkt_outstanding 15139 10736 info packet pktproc Outstanding packet to be transmitted
pkt_alloc 20608 14615 info packet resource Packets allocated
session_freed 21 14 info session resource Sessions freed
flow_np_pkt_xmt 12644 8967 info flow offload Packets transmitted to offload processor
flow_fwd_mtu_exceeded 4709 3339 info flow forward Packets lengths exceeded MTU
ha_session_teardown_msg_sent 20 14 info ha pktproc HA: session teardown messages sent
ha_session_update_msg_sent 341 241 info ha pktproc HA: session update messages sent
log_traffic_cnt 21 14 info log system Number of traffic logs
proxy_sessions 4294967295 3046076095 info proxy pktproc Current number of proxy sessions
proxy_sessions_forward 4294967295 3046076095 info proxy pktproc Current number of SSL-Forward decrypted sessions
=====
from global counter. I can see that proxy_sessions rate and value are always.4294967295 3046076095
from packet capture we can able to see zero-window and it is from firewall.
PAN_OS 9.1.7 and 3220 .
Could you please advice how to resolve this issue or firewall is having heavy load due to SSL decryption
02-03-2022 11:00 PM - edited 02-07-2022 08:24 PM
Looking for the same issue. Bumped into your thread. Thanks for creating it. Looking forward for solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
