Identifying unknown-tcp in Monitor tab

Reply
L7 Applicator

Hello Clint,

It's looks like the firewall passing a good amount of traffic, but still not able to identify the correct application-signature. Do you have a chance to take a packet capture. We can relay that PCAP through a  LINUX REPLAY server and let you know if you need to contact with PAN support to open an App-ID BUG.

In the mean time, you may also try app-override once.

Thanks

L3 Networker

Did you ever get this one resolved?  I have a newly configured PA-500 and noticed the same issue for our iSCSI traffic. It is a Dell EqualLogic. There is already a Application ID for iscsi for tcp/3260; however in our QoS reports it is shown as unknown-tcp

L7 Applicator

For traffic like iSCSI your best bet is to get this into a segregated vlan that does not transit routers and firewalls if at all possible.

If it must transit the PA, create an application override to improve performance and insure there is a little latency as possible on this traffic.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L3 Networker

Hey Steven,

iSCSI traffic has been segregated into its own network (own switch); however, we do send bits over our firewall/routers for replication. The traffic is coming and going between our network here and our offsite location.  As one could imagine, this data is appearing in all of the reports and typically on the top5 due to the about of bits being sent offsite (for DR).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!