- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
04-13-2017 02:48 AM
Is there any reason why iperf traffic in either TCP or UDP is recognised as unknown-udp/tcp by the PAFW?
there is an app-id called 'iperf' but it never matches.
04-13-2017 04:14 AM
I just tried it using the iperf3 64 bit windows binaries from https://iperf.fr/iperf-download.php and it matches on 8.0.1
can you offer more specifics on what you're using?
04-13-2017 04:22 AM
jperf 2.0.2
PAN-OS 7.1.7
testing with iperf now, however it shouldnt be any different as jperf is just a Java frontend.
04-13-2017 04:36 AM - edited 04-13-2017 04:39 AM
Can you please post the detailed traffic logs.
04-13-2017 04:39 AM
same result for me using jperf2.0.2 from the Google Code archive. your app/threat content is current? you are using the default port of 5001?
04-13-2017 04:57 AM
Some users did report weird stuff with app-id before so wondering if you can create a separate policy to allow iperf only as an application and test again.
04-13-2017 05:01 AM
I thought the same as well, and ran that test with rule #1 being an iperf app-id rule
04-13-2017 05:09 AM
Getting interesting isn't it :0 Reinstall app-id database possible in your environment? I guess this is the only one app at the moment that is not identified correctly?
04-13-2017 05:13 AM
yea i can reinstall, its also the 2nd firewall in a completely different environment that ive seen this on.
yes, only iperf for now
04-13-2017 05:34 AM - edited 04-13-2017 05:44 AM
Now your issue is my issue:0
04-13-2017 05:49 AM
just checking one more thing, however looks like apps and threats version 689-3957 has the fix, perviosly i was using the version released on the 30/3.
I did an upgrade in there somewhere too, so just waiting to test downgrade...
04-17-2017 05:00 PM
hmm... better behaviour, but still weird.
default port 5001 works fine, however, 5201 and non-default ports get mapped to unknown-tcp
04-18-2017 03:10 AM
did an upgrade to 8.0 for S&G and still no luck.
it seems that if i enable log on start i *might* get a match on iperf on port 5001, but then after disabling it works for a little while then stops.
This doesnt work for other ports.
04-25-2017 09:37 PM
Ok, I have more interesting information that I would like to see if others can replicate.
when performing iperf test using iperf 3.1.3 from iperf.fr, every test that is greater than 9 and less than 100 sec is identified correctly. Anything elese is unknown.
iperf.exe -c {host} -t 9 --> NOT working
iperf.exe -c {host} -t 10 --> working
iperf.exe -c {host} -t 99 --> working
iperf.exe -c {host} -t 100 --> NOT working
its as if the encoder is expecting the -t switch to be 2 digits.
jperf still doesnt work on 5201....
 
					
				
				
			
		
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!

