This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Sporadic Applications Fail to Load - Downloads Sporadically Freeze

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Sporadic Applications Fail to Load - Downloads Sporadically Freeze

duttonr
L0 Member

‎10-07-2020 08:50 AM

For a few weeks now, we have been experiencing sporadic issues with some applications that do not load correctly or at all.  We have also had sporadic issues with downloads that freeze and eventually fail.   This isn't isolated to a browser issue.   We have primarily noticed issues associated with "amazonaws" related IP addresses.  On the firewall, we see "incomplete" in the application and zero (0) bytes received.   We have reached out to our ISP for assistance and they haven't been able to find any issues on the Internet.  We have also not been able to reproduce the issues on our Internet when we bypass the firewall.  The TAC engineer assisting us is also stumped as he sees that traffic just stops being received from the server and the TCP session eventually times out.   

 

We don't believe it is a policy issue because we don't see any traffic/applications being blocked.  There doesn't appear to be a performance issue with the firewall as the management CPU is low.

 

We suspected it was related to our public IP addresses but those IP addresses work fine when using them on the outside switch.  

 

We currently have our dynamic PAT configured to translate the entire 10.0.0.0/8 subnet to a pool of several public IP addresses.  Is there a caveat with running our PAT in this configuration?

 

Our firewall is running version 9.0.9-h1 which our Palo Alto rep is saying is a stable version.  We have an active/passive configuration of two PA5260 appliances.

 

Has anyone had an issue similar to this?   What were some of the items you did to resolve this?

0 Likes Likes
1 REPLY 1

OtakarKlier
Cyber Elite
Cyber Elite

‎10-07-2020 12:26 PM

Hello,

My guess would point to a routing issue. Here is why, you mentioned the application was incomplete (this just means that there were not enough packets from the firewall to see what type of application it was) however in my experience this points to routing. You say its sporadic, maybe there is a dynamic routing protocol on your networking that could be 'flapping'? When I work at places that have multiple paths between locations, I always put a weight on one of the paths so I dont get asymmetric routing.

 

Hope that helps.

  • 1955 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks