Getting intermittent unknown UDP traffic logs

Reply
Highlighted
L3 Networker

Getting intermittent unknown UDP traffic logs

Hi All ,

 

I am having policy  having application group and set services as application default .

 

Sometime policy is working fine but sometime its dropping packet and in logs showing application  unknown UDP.

 

Could you please suggest any troubleshooting steps here ? I did packet capture but not seeing any this specific which can indicate any issue on firewall end .

 

Thanks 

Highlighted
Cyber Elite

@deepak12,

What type of traffic are you actually seeing this on? It wouldn't be uncommon to see something developed internally have an unknown-tcp/udp determination, but if it's traversing the untrust/internet interface that's different. 

In any case, it usually means that the firewall either didn't pass enough traffic to identify the app-id, or an app-id simply doesn't exist for the traffic. 

Highlighted
L3 Networker

@BPry ,

It's syslog traffic . Moreover for same set of source and destination IP , its working fine , properly identifying the APP-id.

I am using default syslog app-id .

Highlighted
Cyber Elite

@deepak12,

Interesting. I've never actually had the firewall fail to identify syslog traffic across the default 514 port, but I have if I customize the port without creating a custom application or doing an application-override see it come across as unknown-udp. 

Personally, I would take a packet capture of the traffic when it comes across as unknown-udp and see if you can notice any sort of difference with the traffic. If you aren't seeing anything I would try to capture the traffic and open up a TAC case for review.

Highlighted
L3 Networker

@BPry 

 

Thanks , I will check with Tac and update here with findings .

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!