Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-16-2012 09:10 AM
Hi all,
I'm seeing some odd behaviour with apps that use SQL where the app is on a terminal server. The terminal server has an app installed and works perfectly when the PAN TS agent is not running. When the agent is started, the application throws up lots of connection errors.
This happens with multiple terminal servers, multiple app and multiple SQL servers.
Has anyone else seen behaviour like this at all?
Thanks,
UKRB
11-16-2012 11:08 AM
If im not mistaken using TS-agent will assign a portrange per user on the server which the TS-agent then informs the PA device of.
Like sending info to the PA device that if an outbound connection is made where sourceport is 1100-1199 then the PA should log this as userX. If port 1200-1299 is used then its userY and so on.
However im not sure if its the TS-server that does on its own and the TS-agent just reads these values or if its the TS-agent who configures the TS-server for this.
So my thought is if your application for some reason tries to use its own srcports which the TS-server simply just drops (because its not the srcports which is assigned to the user running your application) so your app logs connection errors?
11-17-2012 03:20 PM
Hi UKRB,
I have currently the same issues with an SQL database application running on a terminal server. If the agent runs, the application displays connection error messages. Even if the sessions started within the user context, the agent causes an issue...
11-19-2012 01:50 AM
Hi siebi.
I'm pleased to hear that I'm not the only one who is having this issue. It's really quite frustrating. I did log it with support a while back but didn't make much progress.
Have you logged it at all yourself?
Thanks
08-06-2013 09:48 AM
Siebi and UKRB,,
I too have run into the same issue,,,we just spun up 300 TS-agents on the weekend and had to disable about 70 agents
due to issues with SQL connnections. One of my thoughts is reserved ports for system services. We may need to expand
these to say 1025-10000. I looked at the netstat -a table for some of these servers having the issue and most of the
sql connections are sourced from between 1025-7000....
Has anybody found a solution yet? At this point just shootin from the hip! 🙂
thanks,,
08-27-2013 07:44 AM
Has anyone got anywhere with PAN support with this? I've slightly given up hope which is not great really!
02-15-2017 01:25 AM
Bump!
We are having this very same issue with multiple database applications. No idea how to solve but to disable the TS Agent.
10-12-2023 01:55 AM
Hey folks,
Check out HonorSourcePorts and TWS. For me, I had to enable both (Value 1).
11-16-2023 10:21 AM
Thanks JoschkaKruse. HonorSrcPortRequest worked for my environment.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
