We are seeing some of our Palo's periodically logging (almost) all traffic as unknown-tcp.
As the traffic is being allowed through (and logged against) rules that do not allow it we assume this is a problem with the logs, rather than traffic being miscategorised. However we do seem to be be experiencing some random issues that may, or mayt not be connected.
Rebooting the Palo seems to clear the problem.
Just wondering if anyone else has see this (we are 8.1.1) before opening a support call.