TCP-RST-FROM-CLIENT

cancel
Showing results for 
Search instead for 
Did you mean: 

TCP-RST-FROM-CLIENT

L0 Member

Hi,

 

I have allowed a FTP session. However, the FTP session does not connect. When I search the logs, the traffic is allow however the session end reason is tcp-rst-from-client.

 

Please advice.

 

Thks and Rgds

14 REPLIES 14

Is there a better way than a screen shot?

 

Here's the ruleset I have, only NetAdmin and NTP work at this time.

temptrip-rules.png

Do you have any security profiles applied for the policies? Anything in the threat logs? Temptrip HTTPS policy service tab got only service port name changed l guess (is it still 443). Your policies can be combined into a single (1) rule. Did you test with application and services as any, without the security profiles (if any) or even to bypass the Palo?

I got my SE on the case and while studying packet-captures it suddenly seemed like the communication was great until the packets got big. We wondered if it could be an MTU problem.

 

I put a laptop in the PA220's place and ran through the connections at MTU 1500 - AOK.

Put the laptop in the client's place and had to drop down to 1400 to get the transfers to go.

 

We couldn't find anywhere in the PA220 where MTU was set below default (1500?) but when we turned on jumbo-frames and set the GlobalMTU at jumbo-default, and rebooted, all flows pass properly.

 

Yay, but really?!

i'll eat my crow now...

 

Problem solved:

Bad cable/ethernet jack on upstream router. All successful connections correlate with events where a coworker was forcing the lab traffic over a different link. His timing just made my troubleshooting harder.

 

Layer 1 sure gets in the way when you're think 4 through 7.

Hi All,

 

I am using PA-850, where copying files from internet or other sites via PAN has slowed down very much.

On Monitor logs, it shows TCP-RST-FROM-CLIENT. And when I do PCAP on those packets I see TCP getting retransmitted.

Any help would be great here. Thanks.

 

Regards,

Raghav

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!