I use PA-5050 , PANOS-4.0.9 , 10G Interfaces
DMZ zone has FTP Server. It work for file download service to Internet.
FTP data traffics are very slow (about 50KByte/s).
But the device is working "commit" that FTP data traffics are fast(about 10MB/s)
And FTP data traffic are slow again after commit 10 minute.
I had checked Interface count on DMZ interface and global count.
What mean are "flow_fwd_zonechange" and "Packet routed to different zone"?????
flow_fwd_zonechange: when packet is to be forwarded, the zone of egress interface does not match the egress zone in the session due to route change.
Did you make any configuration changes with regards to routing, natting ?
These error might pop up under global counters if something in routing configuration changed such that an existing session was to be routed out a different interface (with a different zone) and so these counters incremented.
Is there an open PBF rule that the session is inadvertently matching? If so, please try disabling the PBF rule or trying adding a "no-pbf" rule for traffic to/from the host at the top of the PBF rulebase.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!