Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-18-2015 12:19 PM
Hi
We have noticed this with two customers and on our own PA's , all of these are PA3020's in a HA a/s setup
SSL decrypted outbound traffic hangs intermittently for a few minutes and then it starts to pass through again.
This happens both with 7.0.1 and 7.0.2
anyone seen this issue as well ?
kinda hard to work with support on this since it's intermittent
regards
Gudmundur
12-21-2015 06:32 AM - edited 12-21-2015 06:33 AM
Tried the workaround but it gives just very little improvement.
Palo Alto please release the 7.0.4 asap. Where in the week of 21 december!
12-21-2015 02:44 PM
The Syn-Cookie-Workaround worked for me. Before this commits were when I saw the biggest SSL traffic hangs.
Thanks
12-22-2015 08:38 AM
Upgrading to 7.0.4 right now.
12-22-2015 09:12 AM
It looks like there were quite a few fixes to SSL decryption in this release. I'm hopeful this is actually the release where it's been fixed.
12-22-2015 09:18 AM
Let's hope. I have both of my 5050's upgraded, but we're 45K student school and everyone is out on break, so I don't have the load this week and next to verify if the fix is working.
12-22-2015 03:08 PM
How'd it go? Any glaring issues? I'm looking to upgrade tonight
12-23-2015 04:28 AM
Sorry, I was already gone for the day when I saw your message. I haven't seen any new problems, and I have not seen the SSL freeze, but like I said in an earlier post our load is really low right now.
12-23-2015 06:29 AM - edited 12-23-2015 06:55 AM
Hi,
Upgraded yesterday from 7.0.3 to 7.0.4 (3 firewalls), no issues so far. SSL freeze seemes to be fixed.
And also the annoying bug that some Microsoft sites failed to load randomly.
This is the first time that i am satisfied with the 7.0.x release.
It looks finally "production ready"
12-23-2015 08:08 AM
Yeah I have the same experience. I upgraded one set of 3050s last night and so far things look good. I noticed they increased the FPTCP buffer from 32768 to 131072... quite the jump! I monitor this value every 5 seconds and I've yet to see the buffer go under 129000, whereas before it would hit 0 quite often (and thus cause the decryption outage). I'll continue to keep an eye on it and will report here if things go south again.
12-30-2015 07:11 PM
So far no issues in a week. I'd say this bug is squashed finally.
12-31-2015 01:35 AM
Here also, no issues after a week.
I agree bug squashed!
01-04-2016 05:40 PM
Hi Guys,
We are planning on upgrading to 7.0.4 in a couple of days, has anyone upgraded yet and if so was your decryption issues resolved.
Thanks
Sol.
01-05-2016 06:08 AM
I upgraded on Sunday afternoon and so far so good.
01-05-2016 06:15 AM
@sokonta (Says the 4 or so other people before you saying they haven't seen the bug they previously saw in 7.0.3 with SSL enabled.)
01-05-2016 08:48 AM
Thank you guys 7.0.4 it is then..
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
