This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Intermittent SSL

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Intermittent SSL

Tom-T
L1 Bithead

‎02-21-2017 08:42 AM

SSL traffic stops after about 45 minutes and is restored in about the same time frame (maybe longer). Firewall is not configured to decrypt. HTTP traffic has no problems. Just deployed (test network) low use firewall (3050) running 7.1.7.

 

0 Likes Likes
9 REPLIES 9

TranceforLife
L6 Presenter

‎02-21-2017 09:16 AM - edited ‎03-03-2017 01:51 AM

What can you see in the logs? Reason for drop 

0 Likes Likes

Tom-T
L1 Bithead
In response to TranceforLife

‎02-21-2017 09:32 AM

Action is allow. Connections act like they are timing out. Not receiving “age-out” for session end. When I put Force Point fw back in, all is good.

0 Likes Likes

TranceforLife
L6 Presenter
In response to Tom-T

‎02-22-2017 02:05 AM - edited ‎02-22-2017 07:21 AM

So what do you see in the "Session End Reason" column? Can you post a snip of the session from the monitoring tab please. Worth to get a PCAP from the firewall on when the issue is happening (use filter option ).

0 Likes Likes

Tom-T
L1 Bithead
In response to TranceforLife

‎02-22-2017 07:58 AM

Session End Reason is "tcp-rst-from-client".  The device is on another network will limited access.  I am pushing to see if I can get the FW back online to troubleshoot some more. 

0 Likes Likes

TranceforLife
L6 Presenter
In response to Tom-T

‎02-23-2017 07:45 AM

We need more details, but the end reason quite clear:"tcp-rst-from-client"

0 Likes Likes

Tom-T
L1 Bithead
In response to TranceforLife

‎02-24-2017 09:42 AM

I agree on more info.  The bad thing is putting the device back online has been put on hold for a few days.  Hopefully I can post a status early next week.

A little more information.  I have control over two workstations behind the firewall.  They are configured not to use a proxy server at this time.  When the firewall is first brought up, access to http and https sites work.  After around 45 min or so, access to https sites stop, from the same device.  Then a while later it starts working again.  To me it does not look like a workstation issue.

0 Likes Likes

TranceforLife
L6 Presenter
In response to Tom-T

‎02-24-2017 10:18 AM - edited ‎02-24-2017 12:58 PM

Most of the times log never lie but we will continue to troubleshoot when the device back online.  Just drop a message

0 Likes Likes

Tom-T
L1 Bithead
In response to TranceforLife

‎03-02-2017 10:00 AM

Device back online for 2 days.  No problem.  If it is going to come back, it will be in a few weeks when it gets moved to production.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to Tom-T

‎03-02-2017 11:20 AM

I think that @TranceforLife probably nailed it initially when you two were troubleshooting; logs on the PA are correct probably 99% of the time. 

0 Likes Likes
  • 3731 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks