07-07-2016 06:14 PM
Can anyone provide details on some of the problems that were experienced after applying content update 596?
We spent all night troubleshooting a problem where our PA3020 was impacting TCP\9100 traffic. The problem started soon after the update. We would see the TCP handshake between a print server and printer occur, some data would be sent, then we would see TCP retransmissions, long delays in responding to ACK's and a TCP reset from the printer.
It stopped when we bypassed the PA.
I am curious if this could be related to the recalled content update.
07-07-2016 11:15 PM
strongly agree with btrotter: give us some explanation, plz. 🙂
yesterday we had nearly 100% cpu load on useridd process on one cluster's member and 197% 😮 on second member. i restarted useridd daemon and evertyhing gone to the normal state.
probably it is not connected but it would be nice to know what is wrong with 596.
regards 🙂
07-08-2016 12:58 PM
It would be nice if they provided a little insight to what was actually happening with 596 as our 3020 was all ready to install it before the update was pulled; thankfully it only installs on Wednesdays at 1am or if I really want to force it because of a false positive.
This update with the SMB fix was soemthing I was really looking forward to as well, since that broke some things for us earlier and I've had to just exlude the vulnerabilty ID for a specific user group.
07-08-2016 01:59 PM
"This issue was caused by a PAN-OS bug in 7.1.x, that was triggered by the introduction of an IPS signature in this content update. The bug impacts traffic processing and application identification on firewalls running PAN-OS 7.1.x"
This was the information that I was able to find. It seems like in the past month I've ran into more problems with threat signatures then what I thought was possible. It would be nice if Palo just set these to alert instead of reset-both if they were unsure if they were actually going to work. I would rather have something that was only alerting me to an issue instead of something was was breaking connections.
07-08-2016 02:11 PM
Hello,
I know its a bit late, but I have my PAN's set to dynamically update daily with a threshold. This way I might be only a day behind, but protects against these types of releasese.
Regards,
07-08-2016 02:15 PM
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
