01-13-2019 10:05 PM
I am using PA-850. I am having the problem. sometimes the internet is blocked. and I see in the monitor, the sesson end is: tcp-fin and aged-out. but after refresh some times, then I can access to internet.
Please help to advise how to fix it. please let me know if you need more information for this issue
01-13-2019 11:28 PM
TCP-FIN is a normal way to end a TCP session and doesn't indicate an error.
Aged-out is as normal way for UDP session to end. But make sure packets are flowing in both way in this case, check sent/received packets count.
01-14-2019 12:37 AM
I checked and see that, session end reason aged-out: packets sent and packets recived is same numbers
but session end reason tcp-fin: sent and recviced is different.
please help to advise.
01-14-2019 05:47 AM
That's all normal. That doesn't indicate any errors.
10-14-2020 06:07 PM
Aged-out doesn't mean failed to get a further response as well..? For some reason, the other end is not responding to my query, after a certain amount of time, the session will age out and terminated. The reason could be my IP is been block listed, or some network path issue in-between.
12-03-2021 10:34 AM
I am the Jr. Network Admin of a Private School in Dobbs Ferry, NY and we are experiencing this exact issue. Our traffic is fine for our users until suddenly they are unable to get to any external webpages and the Traffic Monitor shows the session application as "incomplete" and end reason of "Aged-out" despite being TCP. After anywhere from 5-15 minutes, it seems to clear up and be fine, only to happen to another subnet/user(s) again and again. Our packet captures show "flow_fwd_l3_noarp 12 0 drop flow forward Packets dropped: no ARP" and nothing we have done seems to fix it. We have confirmed there are no Security or NAT policies that are blocking the traffic and that the counters on the network facing interfaces increase for "no arp found" and "packets dropped by flow state" increase when the problem occurs. The external interfaces affected show only increasing counters for "packets dropped by flow state."
It has been on and off for about 3 months and Palo Support has not gotten us anywhere in terms of solutions. Hoping you or someone else who has experienced this can offer some guidance!
12-04-2021 11:00 AM
01-28-2022 07:29 AM
If you have the issue again, get on the CLI and use:
show arp all
to see if you have an entry for your device's default route next hop. If it's not in the ARP table, you may be having a physical or layer 2 issue where the firewall is not able to forward to your Internet provider's upstream device because it doesn't have a MAC for it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!