10-13-2018 11:47 PM
ssl decryption is enabled on PA.
sh running resource monitor is also normal.
when i run below command i see
show counter global filter delta yes category proxy
Global counters:
Elapsed time since last sampling: 124.323 seconds
name value rate severity category aspect description
--------------------------------------------------------------------------------
proxy_process 104 0 info proxy pktproc Number of flows go through proxy
proxy_wait_pkt_drop 24 0 drop proxy pktproc The number of packets get dropped because of waiting status in ssl proxy
proxy_sessions 33 0 info proxy pktproc Current number of proxy sessions
proxy_sessions_forward 33 0 info proxy pktproc Current number of SSL-Forward decrypted sessions
proxy_broker_policy_skip 69 0 info proxy pktproc Sessions not processed by forwarding profile by policy
--------------------------------------------------------------------------------
Total counters shown: 5
--------------------------------------------------------------------------------
I read if proxy wait pkt drop counter is incrementing then it is resouce issue on the PA?
so which counter i should worry about ?
value or rate?
10-15-2018 02:16 PM
On a 220 it's quite possible that you are running into some sort of resource contention depending on how much traffic you are actively attempting to decrypt. When working on a 220 you'll be looking at the following limitations.
SSL Decryption | ||
Max SSL inbound certificates | 25 |
|
SSL certificate cache (forward proxy) | 128 |
|
Max concurrent decryption sessions | 6,400 |
|
10-15-2018 09:05 AM
What platform are you running; you may be running into platform limitations on the number of sessions you can actively decrypt at any one given time.
10-15-2018 10:26 AM
i have PA 220 running 8.1.3.
10-15-2018 02:16 PM
On a 220 it's quite possible that you are running into some sort of resource contention depending on how much traffic you are actively attempting to decrypt. When working on a 220 you'll be looking at the following limitations.
SSL Decryption | ||
Max SSL inbound certificates | 25 |
|
SSL certificate cache (forward proxy) | 128 |
|
Max concurrent decryption sessions | 6,400 |
|
10-15-2018 03:28 PM
Many thanks for answering question.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
