SSL-VPN Portal not showing

Reply
Highlighted
Not applicable

SSL-VPN Portal not showing

Hi,

we have an SSL-VPN portal that has been working for a long time. However, in the last 2-3 weeks, we have experienced the same problem twice. The Portal won't show on the browser, but traffic logs show the traffic being allowed by the corresponding rule. Access to the management IP is working fine as well as all other services.

I have tryed restarting Management and Device Servers, as well as SSL VPN Web Server without any success.

The only thing that solved this issue in both cases was to reboot the entire device.

PAN-OS version is 4.1.2 but we didn't see any relationship between the upgrade and this issue, since it appeared a long time after upgrading, not right after.

I opened a case and sent techsupport file, but meanwhile, I would like to know if anyone has experienced similar issues and how were they resolved.

Thanks in advance!

Highlighted
L4 Transporter

There is a known sofware packet buffer leak that can cause similar behavior. When encountered the only resolution is to restart the dataplane or upgrade to 4.1.4.


To check if you are affected by the leak you can run the following command:

> debug dataplane pool statistics

Software Pools

[ 0] software packet buffer 0  :        1/16384    0x8000000022000680

[ 1] software packet buffer 1  :        1/8192     0x8000000022810700

[ 2] software packet buffer 2  :        1/16384    0x8000000023018780

[ 3] software packet buffer 3  :        1/4192     0x8000000025028800

[ 4] software packet buffer 4  :        1/304      0x800000002d538a00


Above, all of the pools are depleted. Here is a example of what a device not affected by the leak:

Software Pools

[ 0] software packet buffer 0  :    16383/16384    0x8000000022000680

[ 1] software packet buffer 1  :     8192/8192     0x8000000022810700

[ 2] software packet buffer 2  :    16384/16384    0x8000000023018780

[ 3] software packet buffer 3  :     4096/4096     0x8000000025028800

[ 4] software packet buffer 4  :      304/304      0x800000002d22c880

The software pool stats will also be written to the dp-monitor.log file every 10 minutes so you could find the time of the failure and search for "software packet buffer".

- Stefan

Highlighted
Not applicable

Thanks for the answer!

Since there is no HA on this envorinment and restarting the data-plane everytime is not viable, I will update the device to 4.1.4.

In case it happens again, I will try with that command to check the output.

Really appreciated the answer.

Best regards!

Highlighted
L6 Presenter

Please feedback if 4.1.4 solved your issues regarding this or not (not that I currently use SSL-VPN Portal but can be good to know in case similar questions turns up in future :-)

Highlighted
L5 Sessionator

Yes, or give us some feedback on if your buffers were depleted or not.

Thanks,


Jason Seals

Highlighted
Not applicable

Hello,

I have experimented the same issue on PanOS 4.0.9 in a PAN 2020.

Hardware Pools

[ 0] Packet Buffers            :    57170/57344    0x8000000410000000

[ 1] Work Queue Entries        :   192131/229376   0x8000000417000000

[ 2] Output Buffers            :      999/1024     0x8000000418c00000

[ 3] DFA Result                :     2048/2048     0x8000000419100000    

      DFA Result                :

[ 4] Timer Buffers             :     4092/4096     0x8000000418d00000    

      Timer Buffers             :

[ 5] PAN_FPA_LWM_POOL          :     8192/8192     0x8000000419300000

[ 6] PAN_FPA_ZIP_POOL          :     1024/1024     0x8000000419500000

[ 7] PAN_FPA_BLAST_POOL        :       64/64       0x8000000419700000

Software Pools

[ 0] software packet buffer 0  :        1/16384    0x8000000021800680

[ 1] software packet buffer 1  :        1/8192     0x8000000022010700

[ 2] software packet buffer 2  :        1/8192     0x8000000022818780

[ 3] software packet buffer 3  :        1/4096     0x8000000023820800

[ 4] software packet buffer 4  :        1/256      0x800000002ba24880

[ 5] Pktlog logs               :    10000/10000    0x800000002ca514e0

[ 6] Pktlog threats            :     4999/5000     0x800000002cc6a720

[ 7] Pktlog packet             :     5000/5000     0x800000002cd77080

Highlighted
L4 Transporter

Hi David,

The fix for the 4.0 branch will be included in 4.0.11 which is targeted for release late April / early May.

- Stefan

Highlighted
L4 Transporter

Hi David,

Software Version 4-0-11 was out April 11, 2012.

If you get a chance please upgrade to that version if NOT already to get rid of the Software Pools depletion bug .

Regards,

Parth

Highlighted
Not applicable

Hello Parth,

Thank you for your advice. We did update the device to PANOS 4.0.11 and there is not any problem with VPN portal until today.

Thank you again.

Regards,

Highlighted
L0 Member

Hello,

I have experimented the same issue on PanOS 4.1.6 in a PAN 2050.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!