11-14-2025 12:31 AM
Attention: Global TPM team,
Hi,
I have some question about PAN-303959.
----
Traffic that is incorrectly identified as unknown-tcp/unknown-udp eventually drops due to an App-ID resource limitation issue.
----
https://docs.paloaltonetworks.com/pan-os/11-2/pan-os-release-notes/pan-os-11-2-9-known-and-addressed...
Q1)
What specifically is the situation where this issue occurs?
Q2)
What exactly is the App-ID resource limitation?
Q3)
Is there a workaround for this issue?
BR,
MasaW
11-19-2025 01:26 AM
Hi @MasaW ,
For this specific bug the counter appid_post_pkt_queued counter is critical. An increasing value here shows that packets are being queued for App-ID processing. This a precursor to failure.
Once the appid_exceed_pkt_limit_post counter begins to increment, it is a definitive sign that the system is in a bad state. This counter confirms the App-ID engine has hit its configured limit for total queued packet size, resulting in the failure of application identification and the dropping of traffic.
Please reach out to TAC for a target fix and possible workaround.
Kind regards,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
