TCP-RST-FROM-CLIENT

Do you have any security profiles applied for the policies? Anything in the threat logs? Temptrip HTTPS policy service tab got only service port name changed l guess (is it still 443). Your policies can be combined into a single (1) rule. Did you test with application and services as any, without the security profiles (if any) or even to bypass the Palo?

I got my SE on the case and while studying packet-captures it suddenly seemed like the communication was great until the packets got big. We wondered if it could be an MTU problem.

I put a laptop in the PA220's place and ran through the connections at MTU 1500 - AOK.

Put the laptop in the client's place and had to drop down to 1400 to get the transfers to go.

We couldn't find anywhere in the PA220 where MTU was set below default (1500?) but when we turned on jumbo-frames and set the GlobalMTU at jumbo-default, and rebooted, all flows pass properly.

Yay, but really?!

i'll eat my crow now...

Problem solved:

Bad cable/ethernet jack on upstream router. All successful connections correlate with events where a coworker was forcing the lab traffic over a different link. His timing just made my troubleshooting harder.

Layer 1 sure gets in the way when you're think 4 through 7.

Hi All,

I am using PA-850, where copying files from internet or other sites via PAN has slowed down very much.

On Monitor logs, it shows TCP-RST-FROM-CLIENT. And when I do PCAP on those packets I see TCP getting retransmitted.

Any help would be great here. Thanks.

Regards,

Raghav