01-15-2016 08:52 AM
Some of the sessions are ended with Resource-unavailable reasons. Almost all traffics in these sessions are web-browsing and some updates traffics on port-80.
All https-443 are working fine. this issue happened for 4 hours on last week.
checked here for describtion: https://www.paloaltonetworks.com/documentation/61/pan-os/newfeaturesguide/networking-features/sessio...
Is there any way to resolve?. Please suggest
01-15-2016 11:18 AM
What's the associated hadware?
Do you use any cloud based services?
How many users behind the PA device?
01-16-2016 01:18 AM
May I know the following to have a little background of the issue ?
1. What is the panOS version on the firewall ?
2. Does the issue resolve by itself or you need to restart any services (like dataplane, or reboot the firewall etc ) ?
You may be able to see some indicators by setting the filters and check the global counters for any resource issues (like the ones mentioned in the link you provided).
If the load on the firewall is normal and no suspicious counters are seen the I would suggest you to open a case with Technical Support as this may be a software issue which needs to be investigated.
Hope this helps !
01-16-2016 11:07 AM
May be users accessing some cloud services
concurrent session utlization was 2k only.
01-16-2016 11:11 AM
Issue resolved after the reboot.
Firewall load is normal.
I will open the TAC case. Thanks
01-18-2016 06:54 AM
The reason why I was asking about cloud usage and and internal users, was I was thinking maybe there was a NAT resource exhaustion.
If you're only set up with a single public IP and users, say, were going to O365 you might have reached a mathmatical limit to available NAT ports. Also there's a relatively low limit on SSL interception cabiliites for the 3020.
01-18-2016 07:47 AM
It is less likely to be NAT exhaustion issue since other traffic like HTTPS (and other) like is working fine (which would also use source NAT). This seem to be a software issue which would require deeper analysis by the Tech support team.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!