03-15-2018 01:21 PM - edited 05-03-2018 07:34 AM
Please be advised, there is a current issue with PAN-OS 8.1 which seems to break anything SMB related, e.g. mapped network drives. Sessions have an end reason of "resources-unavailable" and go into state "Discard" in the session table.
Upon speaking with a TAC engineer, this is a known issue and they are working towards a fix.
Edit: This is now resolved in PAN-OS 8.1.1 under BugID:
Fixed an issue where Server Message Block (SMB) sessions were in a discard state with the session end reason resources-unavailable
05-15-2018 09:14 PM
This rule worked for me, stuck on this version for now.
05-21-2018 09:20 PM
Got the same issue on 8.1.0. Tried the App override and it seems to be working for most sites. However, we still see same message logs randomly, every 2-10 mins. We have 50+ file servers in 7 firewall zones and uses smbv1, v2 and v3. This app override is scary as it disabled inspection on the flow which could potentially bypass ransomware attacks (such as EternalBlue) which use smb vulnerabilities. It's disappointing to see that this is not a known issue in 8.1.0 release notes even after many people reporting this in last 3-4 months. Looks like the best option is to avoid this version at any cost. Has anyone tried 8.1.1 to see if it has more fundamental issues like these?
03-29-2022 06:02 AM
I am facing the same issue in version 9.1.6 , I have put a temporary application rule for SMB as a workaround and things are working fine.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!