This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Documentation on the setting "Software Cut Through"

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Documentation on the setting "Software Cut Through"

asaraca
L0 Member

‎09-17-2022 10:27 AM

Hi,

   I can't seem to find any info on the setting "Software Cut Through". It's currently set to true on our PA-460. Would that affect the performance of our firewall ?

 

Thank you,

 

 

Antonio

4 REPLIES 4

GaryOssewa
L1 Bithead

‎12-02-2023 01:10 AM

The only thing I can find is in a vm-series deployment guide for 11. However, I've encountered issues with this feature on PAN-OS 10.2.6

0 Likes Likes

EdGal
L0 Member
In response to GaryOssewa

‎12-09-2023 05:57 AM

4 or five hours ago I had a issue with this parameter after upgrading to 10.2.6. We had to disable it.  According to the information I have, this is what happens:

set session sw-cut-thru no


When software cut through is marked on the flow, the flow parameters aren't correctly set on GP-SSLVPN tunnel packets. This specifically affects packets in request direction and they are dropped due to missing packet fields.

The command address the problem by correctly setting packets fields in code path taken by packets when software cut through is marked on that specific flow session.

If you upgrade to 10.2.6 and after that, some, if not all your GP SSL-VPN traffic is being dropped o tcp-reset, then you should check if this parameter is the root cause.

0 Likes Likes

GaryOssewa
L1 Bithead
In response to EdGal

‎12-09-2023 08:03 AM

Same here. Bug ID PAN-231043 - supposedly fixed in 11.1.0, 11.2.0, 10.2.8, 10.2.7, 11.1.2.

msyeedrafiqi
L2 Linker

‎12-09-2023 10:56 PM

The 'sw-cut-thru' is a sort of software offload feature introduced in 10.1 Once XX number of packets in a session are inspected and deemed safe/valid, then the rest of the packets in that session are 'cut-through' from ingress to egress without having to go through fastpath for forwarding lookup for every packet. Or, in other words, software cut-through is a feature that aims to improve packet forwarding for platforms without hardware offload.

Zain
0 Likes Likes
  • 3440 Views
  • 4 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks