This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About SDorsey

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
SDorsey
‎10-27-2020
since ‎04-18-2012
L4 Transporter
User Activity
User Profile
Latest posts by SDorsey
View All
My Liked Posts
View All
My LIVEcommunity Articles Contributions
View All
User Badges
Community Statistics
Member Since ‎04-18-2012 08:18 AM
Date Last Visited ‎10-27-2020 06:38 PM
Posts 149
Total Likes Received 23

IPSEC Tunnel to ASA - PeerID issues

by in General Topics
‎07-11-2014 08:56 AM
1 Kudo
‎07-11-2014 08:56 AM
1 Kudo
I am setting up an IPSec tunnel to an ASA. I am getting an error message about the PEERID type only allowing IP but received FQDN. Per the other KB article, I changed the PAN Exchange mode to Aggressive. Now the PAN received a FQDN of the ASA side and gave listed the FQDN in the system logs. My question.. where in the ASA can you configure PEER and LOCAL ID in the Phase1 settings? I am not seeing that option so I cannot figure out how the PAN is getting the FQDN. ... View more

Re: Re: Re: Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 09:47 AM
‎07-08-2014 09:47 AM
Note that even on rule 5, establishing the RDP session takes 18 seconds (while going through PAN) which still seems like a long time compared to other environments. ... View more

Re: Re: Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 09:23 AM
‎07-08-2014 09:23 AM
I have the pcaps but I am not seeing a forum option to upload attachments. :smileylaugh: ... View more

Re: Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 09:06 AM
‎07-08-2014 09:06 AM
Will get those to you shortly. One question on the buffer output... Hardware Pools [ 0] Packet Buffers :    11341/11468    0x8000000031000000 [ 1] Work Queue Entries        : 229309/229376  0x8000000037ffe000 [ 2] Output Buffers :    1006/1024    0x8000000039bfe000 [ 3] DFA Result :    3999/4000    0x8000000039cfe000 [ 4] Timer Buffers :    4092/4096    0x800000003a0e6000 [ 5] PAN_FPA_LWM_POOL :    1024/1024    0x8000000000e9f200 [ 6] PAN_FPA_ZIP_POOL :    1023/1024    0x800000003a4e6000 [ 7] PAN_FPA_BLAST_POOL :    1024/1024    0x800000000ff00000 Software Pools [ 0] software packet buffer 0  : 32767/32768    0x800000003a6e6680 [ 1] software packet buffer 1  : 32768/32768    0x800000003b706700 [ 2] software packet buffer 2  : 81920/81920    0x800000003d726780 [ 3] software packet buffer 3  : 20480/20480    0x8000000047776800 The buffers say for example 32767/32768. Does this imply the buffer is almost full? Or is it specifying it is empty? ... View more

Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 09:03 AM
‎07-08-2014 09:03 AM
Thanks for your input! In this firewall, we do not have any rules which have an application specified along with service ANY. We do however have several rules which list an application with service "application-default". Is it faster processing wise to explicitly list the port as oppose to app default? ... View more

Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 09:00 AM
‎07-08-2014 09:00 AM
show counter global filter delta yes  ( repeat the same command 5 times) Global counters: Elapsed time since last sampling: 156.760 seconds name                                   value     rate severity  category  aspect    description -------------------------------------------------------------------------------- pkt_recv                              569924     3635 info      packet    pktproc   Packets received pkt_recv_zero                         569190     3630 info      packet    pktproc   Packets received from QoS 0 pkt_sent                              559573     3569 info      packet    pktproc   Packets transmitted pkt_alloc                             588942     3756 info      packet    resource  Packets allocated session_allocated                        846        5 info      session   resource  Sessions allocated session_freed                            874        5 info      session   resource  Sessions freed session_installed                        843        5 info      session   resource  Sessions installed session_discard                            3        0 info      session   resource  Session set to discard by security policy check flow_rcv_dot1q_tag_err                   247        1 drop      flow      parse     Packets dropped: 802.1q tag not configured flow_no_interface                        247        1 drop      flow      parse     Packets dropped: invalid interface flow_ipv6_disabled                       471        3 drop      flow      parse     Packets dropped: IPv6 disabled on interface flow_policy_deny                         176        1 drop      flow      session   Session setup: denied by policy flow_tcp_non_syn                          52        0 info      flow      session   Non-SYN TCP packets without session match flow_tcp_non_syn_drop                     52        0 drop      flow      session   Packets dropped: non-SYN TCP without session match flow_fwd_l3_bcast_drop                    18        0 drop      flow      forward   Packets dropped: unhandled IP broadcast flow_fwd_l3_mcast_drop                   376        2 drop      flow      forward   Packets dropped: no route for IP multicast flow_fwd_l3_noarp                         58        0 drop      flow      forward   Packets dropped: no ARP flow_fwd_zonechange                       31        0 drop      flow      forward   Packets dropped: forwarded to different zone flow_parse_unmatched_icmperr              77        0 info      flow      parse     Packets dropped: Unmatched ICMP error message flow_dos_rule_allow_under_rate             6        0 info      flow      dos       Packets allowed: Rate within thresholds of DoS policy flow_dos_rule_match                        6        0 info      flow      dos       Packets matched DoS policy flow_dos_rule_nomatch                    840        5 info      flow      dos       Packets not matched DoS policy flow_dos_ag_curr_sess_add_incr             6        0 info      flow      dos       Incremented aggregate current session count on session create flow_dos_ag_curr_sess_del_decr             5        0 info      flow      dos       Decremented aggregate current session count on session delete flow_dos_cl_curr_sess_add_incr             6        0 info      flow      dos       Incremented classified current session count on session create flow_dos_cl_curr_sess_del_decr             5        0 info      flow      dos       Decremented classified current session count on session delete flow_dos_ag_buckets_upd                  314        2 info      flow      dos       Updated aggregate buckets for aging flow_action_close                          2        0 drop      flow      pktproc   TCP sessions closed via injecting RST flow_arp_pkt_rcv                         178        1 info      flow      arp       ARP packets received flow_arp_pkt_xmt                         122        0 info      flow      arp       ARP packets transmitted flow_arp_pkt_replied                     114        0 info      flow      arp       ARP requests replied flow_arp_rcv_gratuitous                   19        0 info      flow      arp       Gratuitous ARP packets received flow_arp_resolve_xmt                      26        0 info      flow      arp       ARP resolution packets transmitted flow_host_pkt_rcv                        734        4 info      flow      mgmt      Packets received from control plane flow_host_pkt_xmt                       1437        9 info      flow      mgmt      Packets transmitted to control plane flow_host_service_allow                   95        0 info      flow      mgmt      Device management session allowed flow_health_monitor_rcv                  673        4 info      flow      mgmt      Health monitoring packet received flow_health_monitor_xmt                  673        4 info      flow      mgmt      Health monitoring packet transmitted appid_ident_by_icmp                      201        1 info      appid     pktproc   Application identified by icmp type appid_ident_by_dport_first               156        0 info      appid     pktproc   Application identified by L4 dport first appid_ident_by_dport                      12        0 info      appid     pktproc   Application identified by L4 dport appid_proc                               443        2 info      appid     pktproc   The number of packets processed by Application identification appid_use_dfa_1                          258        1 info      appid     pktproc   The number of packets using the second DFA table appid_unknown_fini_empty                 109        0 info      appid     pktproc   The number of unknown applications because of no data nat_static_xlat                            4        0 info      nat       resource  The total number of static NAT translate called nat_static_release                         6        0 info      nat       resource  The total number of static NAT release called nat_dynamic_port_xlat                     15        0 info      nat       resource  The total number of dynamic_ip_port NAT translate called nat_dynamic_port_release                  15        0 info      nat       resource  The total number of dynamic_ip_port NAT release called dfa_dte_request_total                 147094      938 info      dfa       offload   The total number of dfa match using dte dfa_hte_in_cache_lookup               146276      933 info      dfa       offload   The total number of requests to an in cache HFA graph tcp_case_2                               209        1 info      tcp       pktproc   tcp reassembly case 2 ctd_sml_exit_detector_i                   27        0 info      ctd       pktproc   The number of sessions with sml exit in detector i appid_bypass_no_ctd                       12        0 info      appid     pktproc   appid bypass due to no ctd ctd_err_bypass                            27        0 info      ctd       pktproc   ctd error bypass ctd_run_pattern_match_failure             20        0 info      ctd       pktproc   Run pattern match failure ctd_do_pattern_match                      20        0 info      ctd       pktproc   do pattern match ctd_sml_vm_run_impl_opcodeexit            27        0 info      ctd       pktproc   SML VM opcode exit [64;1H [K [7mlines 1-63  [27m [64;1H [64;1H [Kctd_sml_vm_run_impl_immed8000            662        4 info      ctd       pktproc   SML VM immed8000 ctd_sml_vm_check_domain                  159        1 info      ctd       pktproc   sml vm check domain ctd_sml_opcode_set_file_type             688        4 info      ctd       pktproc   sml opcode set file type ctd_filter_decode_failure_zip             34        0 error     ctd       pktproc   Number of decode filter failure for zip ctd_bloom_filter_nohit                   162        1 info      ctd       pktproc   The number of no match for virus bloom filter ctd_bloom_filter_hit                       9        0 info      ctd       pktproc   The number of match for virus bloom filter ctd_bloom_filter_pattern_notfound          9        0 info      ctd       pktproc   The number of missing pattern match for virus bloom filter aho_fpga                              297239     1896 info      aho       resource  The total requests to FPGA for AHO aho_sw                                    97        0 info      aho       pktproc   The total usage of software for AHO ctd_appid_reassign                     48318      308 info      ctd       pktproc   appid was changed ctd_url_block                              1        0 info      ctd       pktproc   sessions blocked by url filtering ctd_pkt_slowpath                      149601      954 info      ctd       pktproc   Packets processed by slowpath ha_msg_sent                           290908     1855 info      ha        system    HA: messages sent ha_msg_recv                              313        1 info      ha        system    HA: messages received ha_session_setup_msg_sent                712        4 info      ha        pktproc   HA: session setup messages sent ha_session_teardown_msg_sent             398        2 info      ha        pktproc   HA: session teardown messages sent ha_session_update_msg_sent            289539     1847 info      ha        pktproc   HA: session update messages sent ha_arp_update_msg_sent                   102        0 info      ha        pktproc   HA: ARP update messages sent ha_ha2_monitor_msg_sent                  313        1 info      ha        pktproc   HA: HA2 monitor message messages sent ha_ha2_monitor_msg_recv                  313        1 info      ha        pktproc   HA: HA2 monitor message messages received log_vulnerability_cnt                   2066       13 info      log       system    Number of vulnerability logs log_fileext_cnt                           18        0 info      log       system    Number of file block logs log_traffic_cnt                          980        6 info      log       system    Number of traffic logs zip_process_total                        104        0 info      zip       pktproc   The total number of zip engine decompress process zip_process_failure                       34        0 info      zip       pktproc   The number of failures for zip decompress process pkt_nac_result                        297239     1896 info      packet    resource  Packets entered module nac stage result pkt_flow_np                           271951     1734 info      packet    resource  Packets entered module flow stage np pkt_flow_host                            734        4 info      packet    resource  Packets entered module flow stage host -------------------------------------------------------------------------------- Total counters shown: 85 -------------------------------------------------------------------------------- Global counters: Elapsed time since last sampling: 4.680 seconds name                                   value     rate severity  category  aspect    description -------------------------------------------------------------------------------- pkt_recv                               19543     4175 info      packet    pktproc   Packets received pkt_recv_zero                          19522     4171 info      packet    pktproc   Packets received from QoS 0 pkt_sent                               17488     3736 info      packet    pktproc   Packets transmitted pkt_alloc                              20124     4300 info      packet    resource  Packets allocated session_allocated                         50       10 info      session   resource  Sessions allocated session_freed                             18        3 info      session   resource  Sessions freed session_installed                         50       10 info      session   resource  Sessions installed flow_rcv_dot1q_tag_err                     6        1 drop      flow      parse     Packets dropped: 802.1q tag not configured flow_no_interface                          6        1 drop      flow      parse     Packets dropped: invalid interface flow_ipv6_disabled                        19        4 drop      flow      parse     Packets dropped: IPv6 disabled on interface flow_policy_deny                           5        1 drop      flow      session   Session setup: denied by policy flow_fwd_l3_bcast_drop                     2        0 drop      flow      forward   Packets dropped: unhandled IP broadcast flow_fwd_l3_mcast_drop                    12        2 drop      flow      forward   Packets dropped: no route for IP multicast flow_fwd_l3_noarp                          3        0 drop      flow      forward   Packets dropped: no ARP flow_fwd_zonechange                        1        0 drop      flow      forward   Packets dropped: forwarded to different zone flow_parse_unmatched_icmperr               6        1 info      flow      parse     Packets dropped: Unmatched ICMP error message flow_dos_rule_nomatch                     50       10 info      flow      dos       Packets not matched DoS policy flow_dos_ag_buckets_upd                    9        1 info      flow      dos       Updated aggregate buckets for aging flow_arp_pkt_rcv                           5        1 info      flow      arp       ARP packets received flow_arp_pkt_replied                       1        0 info      flow      arp       ARP requests replied flow_host_pkt_rcv                         21        4 info      flow      mgmt      Packets received from control plane flow_host_pkt_xmt                         39        8 info      flow      mgmt      Packets transmitted to control plane flow_host_service_allow                    4        0 info      flow      mgmt      Device management session allowed flow_health_monitor_rcv                   18        3 info      flow      mgmt      Health monitoring packet received flow_health_monitor_xmt                   18        3 info      flow      mgmt      Health monitoring packet transmitted appid_ident_by_icmp                       12        2 info      appid     pktproc   Application identified by icmp type appid_ident_by_dport_first                 1        0 info      appid     pktproc   Application identified by L4 dport first appid_proc                                30        6 info      appid     pktproc   The number of packets processed by Application identification appid_use_dfa_1                           13        2 info      appid     pktproc   The number of packets using the second DFA table appid_unknown_fini_empty                   7        1 info      appid     pktproc   The number of unknown applications because of no data nat_static_xlat                            2        0 info      nat       resource  The total number of static NAT translate called dfa_dte_request_total                   5534     1182 info      dfa       offload   The total number of dfa match using dte dfa_hte_in_cache_lookup                 5465     1167 info      dfa       offload   The total number of requests to an in cache HFA graph tcp_case_2                                 8        1 info      tcp       pktproc   tcp reassembly case 2 ctd_sml_exit_detector_i                    3        0 info      ctd       pktproc   The number of sessions with sml exit in detector i appid_bypass_no_ctd                        3        0 info      appid     pktproc   appid bypass due to no ctd ctd_err_bypass                             3        0 info      ctd       pktproc   ctd error bypass ctd_run_pattern_match_failure              1        0 info      ctd       pktproc   Run pattern match failure ctd_do_pattern_match                       1        0 info      ctd       pktproc   do pattern match ctd_sml_vm_run_impl_opcodeexit             3        0 info      ctd       pktproc   SML VM opcode exit ctd_sml_vm_run_impl_immed8000             20        4 info      ctd       pktproc   SML VM immed8000 ctd_sml_vm_check_domain                    1        0 info      ctd       pktproc   sml vm check domain ctd_sml_opcode_set_file_type              21        4 info      ctd       pktproc   sml opcode set file type ctd_bloom_filter_nohit                     1        0 info      ctd       pktproc   The number of no match for virus bloom filter aho_fpga                               11017     2354 info      aho       resource  The total requests to FPGA for AHO aho_sw                                    14        2 info      aho       pktproc   The total usage of software for AHO ctd_appid_reassign                      1871      399 info      ctd       pktproc   appid was changed ctd_pkt_slowpath                        5573     1190 info      ctd       pktproc   Packets processed by slowpath ha_msg_sent                             9091     1942 info      ha        system    HA: messages sent ha_msg_recv                               10        2 info      ha        system    HA: messages received ha_session_setup_msg_sent                 40        8 info      ha        pktproc   HA: session setup messages sent ha_session_teardown_msg_sent               8        1 info      ha        pktproc   HA: session teardown messages sent ha_session_update_msg_sent              9037     1930 info      ha        pktproc   HA: session update messages sent ha_arp_update_msg_sent                     1        0 info      ha        pktproc   HA: ARP update messages sent ha_ha2_monitor_msg_sent                   10        2 info      ha        pktproc   HA: HA2 monitor message messages sent ha_ha2_monitor_msg_recv                   10        2 info      ha        pktproc   HA: HA2 monitor message messages received log_vulnerability_cnt                     48       10 info      log       system    Number of vulnerability logs [64;1H [K [7mlines 1-63  [27m [64;1H [64;1H [Klog_fileext_cnt                            4        0 info      log       system    Number of file block logs log_traffic_cnt                           23        4 info      log       system    Number of traffic logs pkt_nac_result                         11017     2354 info      packet    resource  Packets entered module nac stage result pkt_flow_np                             8506     1817 info      packet    resource  Packets entered module flow stage np pkt_flow_host                             21        4 info      packet    resource  Packets entered module flow stage host -------------------------------------------------------------------------------- Total counters shown: 62 -------------------------------------------------------------------------------- Global counters: Elapsed time since last sampling: 3.820 seconds name                                   value     rate severity  category  aspect    description -------------------------------------------------------------------------------- pkt_recv                               18988     4970 info      packet    pktproc   Packets received pkt_recv_zero                          18967     4965 info      packet    pktproc   Packets received from QoS 0 pkt_sent                               16860     4413 info      packet    pktproc   Packets transmitted pkt_alloc                              19541     5115 info      packet    resource  Packets allocated session_allocated                         50       13 info      session   resource  Sessions allocated session_freed                             18        4 info      session   resource  Sessions freed session_installed                         50       13 info      session   resource  Sessions installed flow_rcv_dot1q_tag_err                     7        1 drop      flow      parse     Packets dropped: 802.1q tag not configured flow_no_interface                          7        1 drop      flow      parse     Packets dropped: invalid interface flow_ipv6_disabled                        12        3 drop      flow      parse     Packets dropped: IPv6 disabled on interface flow_policy_deny                           6        1 drop      flow      session   Session setup: denied by policy flow_tcp_non_syn                           1        0 info      flow      session   Non-SYN TCP packets without session match flow_tcp_non_syn_drop                      1        0 drop      flow      session   Packets dropped: non-SYN TCP without session match flow_fwd_l3_mcast_drop                     9        2 drop      flow      forward   Packets dropped: no route for IP multicast flow_fwd_zonechange                        1        0 drop      flow      forward   Packets dropped: forwarded to different zone flow_dos_rule_allow_under_rate             1        0 info      flow      dos       Packets allowed: Rate within thresholds of DoS policy flow_dos_rule_match                        1        0 info      flow      dos       Packets matched DoS policy flow_dos_rule_nomatch                     49       12 info      flow      dos       Packets not matched DoS policy flow_dos_ag_curr_sess_add_incr             1        0 info      flow      dos       Incremented aggregate current session count on session create flow_dos_cl_curr_sess_add_incr             1        0 info      flow      dos       Incremented classified current session count on session create flow_dos_ag_buckets_upd                    8        2 info      flow      dos       Updated aggregate buckets for aging flow_arp_pkt_rcv                           3        0 info      flow      arp       ARP packets received flow_arp_pkt_replied                       3        0 info      flow      arp       ARP requests replied flow_host_pkt_rcv                         21        5 info      flow      mgmt      Packets received from control plane flow_host_pkt_xmt                         45       11 info      flow      mgmt      Packets transmitted to control plane flow_host_service_allow                    3        0 info      flow      mgmt      Device management session allowed flow_health_monitor_rcv                   19        4 info      flow      mgmt      Health monitoring packet received flow_health_monitor_xmt                   19        4 info      flow      mgmt      Health monitoring packet transmitted appid_ident_by_icmp                        8        2 info      appid     pktproc   Application identified by icmp type appid_ident_by_dport_first                16        4 info      appid     pktproc   Application identified by L4 dport first appid_proc                                27        7 info      appid     pktproc   The number of packets processed by Application identification appid_use_dfa_1                           12        3 info      appid     pktproc   The number of packets using the second DFA table appid_unknown_fini_empty                   3        0 info      appid     pktproc   The number of unknown applications because of no data dfa_dte_request_total                   5339     1397 info      dfa       offload   The total number of dfa match using dte dfa_hte_in_cache_lookup                 5309     1389 info      dfa       offload   The total number of requests to an in cache HFA graph tcp_case_2                                 7        1 info      tcp       pktproc   tcp reassembly case 2 ctd_sml_vm_run_impl_immed8000             19        4 info      ctd       pktproc   SML VM immed8000 ctd_sml_vm_check_domain                   16        4 info      ctd       pktproc   sml vm check domain ctd_sml_opcode_set_file_type              19        4 info      ctd       pktproc   sml opcode set file type ctd_filter_decode_failure_zip              7        1 error     ctd       pktproc   Number of decode filter failure for zip ctd_bloom_filter_nohit                    16        4 info      ctd       pktproc   The number of no match for virus bloom filter aho_fpga                               10766     2818 info      aho       resource  The total requests to FPGA for AHO aho_sw                                     2        0 info      aho       pktproc   The total usage of software for AHO ctd_appid_reassign                      1814      474 info      ctd       pktproc   appid was changed ctd_pkt_slowpath                        5435     1422 info      ctd       pktproc   Packets processed by slowpath ha_msg_sent                             8751     2290 info      ha        system    HA: messages sent ha_msg_recv                                8        2 info      ha        system    HA: messages received ha_session_setup_msg_sent                 45       11 info      ha        pktproc   HA: session setup messages sent ha_session_teardown_msg_sent               8        2 info      ha        pktproc   HA: session teardown messages sent ha_session_update_msg_sent              8691     2275 info      ha        pktproc   HA: session update messages sent ha_arp_update_msg_sent                     3        0 info      ha        pktproc   HA: ARP update messages sent ha_ha2_monitor_msg_sent                    8        2 info      ha        pktproc   HA: HA2 monitor message messages sent ha_ha2_monitor_msg_recv                    8        2 info      ha        pktproc   HA: HA2 monitor message messages received log_url_req_cnt                            2        0 info      log       system    Number of url request logs log_vulnerability_cnt                     71       18 info      log       system    Number of vulnerability logs log_traffic_cnt                           23        6 info      log       system    Number of traffic logs url_db_request                             2        0 info      url       pktproc   Number of URL database request [64;1H [K [7mlines 1-63  [27m [64;1H [64;1H [Kurl_db_reply                               2        0 info      url       pktproc   Number of URL reply zip_process_total                         23        6 info      zip       pktproc   The total number of zip engine decompress process zip_process_failure                        7        1 info      zip       pktproc   The number of failures for zip decompress process pkt_nac_result                         10766     2818 info      packet    resource  Packets entered module nac stage result pkt_flow_np                             8200     2146 info      packet    resource  Packets entered module flow stage np pkt_flow_host                             21        5 info      packet    resource  Packets entered module flow stage host -------------------------------------------------------------------------------- Total counters shown: 63 -------------------------------------------------------------------------------- Global counters: Elapsed time since last sampling: 4.722 seconds name                                   value     rate severity  category  aspect    description -------------------------------------------------------------------------------- pkt_recv                               18897     4001 info      packet    pktproc   Packets received pkt_recv_zero                          18875     3997 info      packet    pktproc   Packets received from QoS 0 pkt_sent                               16528     3500 info      packet    pktproc   Packets transmitted pkt_alloc                              19459     4120 info      packet    resource  Packets allocated session_allocated                         33        6 info      session   resource  Sessions allocated session_freed                             39        8 info      session   resource  Sessions freed session_installed                         33        6 info      session   resource  Sessions installed session_discard                            1        0 info      session   resource  Session set to discard by security policy check flow_rcv_dot1q_tag_err                     9        1 drop      flow      parse     Packets dropped: 802.1q tag not configured flow_no_interface                          9        1 drop      flow      parse     Packets dropped: invalid interface flow_ipv6_disabled                        14        2 drop      flow      parse     Packets dropped: IPv6 disabled on interface flow_policy_deny                           2        0 drop      flow      session   Session setup: denied by policy flow_fwd_l3_mcast_drop                    13        2 drop      flow      forward   Packets dropped: no route for IP multicast flow_fwd_l3_noarp                          3        0 drop      flow      forward   Packets dropped: no ARP flow_fwd_zonechange                        1        0 drop      flow      forward   Packets dropped: forwarded to different zone flow_parse_unmatched_icmperr               6        1 info      flow      parse     Packets dropped: Unmatched ICMP error message flow_dos_rule_nomatch                     33        6 info      flow      dos       Packets not matched DoS policy flow_dos_ag_buckets_upd                    9        1 info      flow      dos       Updated aggregate buckets for aging flow_arp_pkt_rcv                           4        0 info      flow      arp       ARP packets received flow_arp_pkt_xmt                           1        0 info      flow      arp       ARP packets transmitted flow_arp_pkt_replied                       2        0 info      flow      arp       ARP requests replied flow_arp_resolve_xmt                       1        0 info      flow      arp       ARP resolution packets transmitted flow_host_pkt_rcv                         22        4 info      flow      mgmt      Packets received from control plane flow_host_pkt_xmt                         43        9 info      flow      mgmt      Packets transmitted to control plane flow_host_service_allow                    1        0 info      flow      mgmt      Device management session allowed flow_health_monitor_rcv                   21        4 info      flow      mgmt      Health monitoring packet received flow_health_monitor_xmt                   21        4 info      flow      mgmt      Health monitoring packet transmitted appid_ident_by_icmp                        9        1 info      appid     pktproc   Application identified by icmp type appid_ident_by_dport_first                 5        1 info      appid     pktproc   Application identified by L4 dport first appid_proc                                15        3 info      appid     pktproc   The number of packets processed by Application identification appid_use_dfa_1                           13        2 info      appid     pktproc   The number of packets using the second DFA table appid_unknown_fini_empty                  10        2 info      appid     pktproc   The number of unknown applications because of no data nat_dynamic_port_xlat                      2        0 info      nat       resource  The total number of dynamic_ip_port NAT translate called dfa_dte_request_total                   5384     1140 info      dfa       offload   The total number of dfa match using dte dfa_hte_in_cache_lookup                 5361     1135 info      dfa       offload   The total number of requests to an in cache HFA graph tcp_case_2                                 3        0 info      tcp       pktproc   tcp reassembly case 2 ctd_sml_exit_detector_i                    1        0 info      ctd       pktproc   The number of sessions with sml exit in detector i appid_bypass_no_ctd                        1        0 info      appid     pktproc   appid bypass due to no ctd ctd_err_bypass                             1        0 info      ctd       pktproc   ctd error bypass ctd_run_pattern_match_failure              1        0 info      ctd       pktproc   Run pattern match failure ctd_do_pattern_match                       1        0 info      ctd       pktproc   do pattern match ctd_sml_vm_run_impl_opcodeexit             1        0 info      ctd       pktproc   SML VM opcode exit ctd_sml_vm_run_impl_immed8000             20        4 info      ctd       pktproc   SML VM immed8000 ctd_sml_vm_check_domain                    3        0 info      ctd       pktproc   sml vm check domain ctd_sml_opcode_set_file_type              21        4 info      ctd       pktproc   sml opcode set file type ctd_bloom_filter_nohit                     3        0 info      ctd       pktproc   The number of no match for virus bloom filter aho_fpga                               10839     2295 info      aho       resource  The total requests to FPGA for AHO aho_sw                                     4        0 info      aho       pktproc   The total usage of software for AHO ctd_appid_reassign                      1798      380 info      ctd       pktproc   appid was changed ctd_url_block                              1        0 info      ctd       pktproc   sessions blocked by url filtering ctd_pkt_slowpath                        5447     1153 info      ctd       pktproc   Packets processed by slowpath ha_msg_sent                             8598     1820 info      ha        system    HA: messages sent ha_msg_recv                                9        1 info      ha        system    HA: messages received ha_session_setup_msg_sent                 24        5 info      ha        pktproc   HA: session setup messages sent ha_session_teardown_msg_sent               7        1 info      ha        pktproc   HA: session teardown messages sent ha_session_update_msg_sent              8560     1812 info      ha        pktproc   HA: session update messages sent ha_arp_update_msg_sent                     3        0 info      ha        pktproc   HA: ARP update messages sent [64;1H [K [7mlines 1-63  [27m [64;1H [64;1H [Kha_ha2_monitor_msg_sent                    9        1 info      ha        pktproc   HA: HA2 monitor message messages sent ha_ha2_monitor_msg_recv                    9        1 info      ha        pktproc   HA: HA2 monitor message messages received log_vulnerability_cnt                     69       14 info      log       system    Number of vulnerability logs log_traffic_cnt                           33        6 info      log       system    Number of traffic logs pkt_nac_result                         10839     2295 info      packet    resource  Packets entered module nac stage result pkt_flow_np                             8036     1701 info      packet    resource  Packets entered module flow stage np pkt_flow_host                             22        4 info      packet    resource  Packets entered module flow stage host -------------------------------------------------------------------------------- Total counters shown: 64 -------------------------------------------------------------------------------- Global counters: Elapsed time since last sampling: 3.18  seconds name                                   value     rate severity  category  aspect    description -------------------------------------------------------------------------------- pkt_recv                                1006      333 info      packet    pktproc   Packets received pkt_recv_zero                            994      329 info      packet    pktproc   Packets received from QoS 0 pkt_sent                                1832      607 info      packet    pktproc   Packets transmitted pkt_alloc                               1075      356 info      packet    resource  Packets allocated session_allocated                         13        4 info      session   resource  Sessions allocated session_freed                             15        4 info      session   resource  Sessions freed session_installed                         13        4 info      session   resource  Sessions installed flow_rcv_dot1q_tag_err                     4        1 drop      flow      parse     Packets dropped: 802.1q tag not configured flow_no_interface                          4        1 drop      flow      parse     Packets dropped: invalid interface flow_ipv6_disabled                         6        1 drop      flow      parse     Packets dropped: IPv6 disabled on interface flow_policy_deny                           3        0 drop      flow      session   Session setup: denied by policy flow_fwd_l3_mcast_drop                     9        2 drop      flow      forward   Packets dropped: no route for IP multicast flow_fwd_l3_noarp                          1        0 drop      flow      forward   Packets dropped: no ARP flow_parse_unmatched_icmperr               1        0 info      flow      parse     Packets dropped: Unmatched ICMP error message flow_dos_rule_allow_under_rate             1        0 info      flow      dos       Packets allowed: Rate within thresholds of DoS policy flow_dos_rule_match                        1        0 info      flow      dos       Packets matched DoS policy flow_dos_rule_nomatch                     12        3 info      flow      dos       Packets not matched DoS policy flow_dos_ag_curr_sess_add_incr             1        0 info      flow      dos       Incremented aggregate current session count on session create flow_dos_cl_curr_sess_add_incr             1        0 info      flow      dos       Incremented classified current session count on session create flow_dos_ag_buckets_upd                    6        1 info      flow      dos       Updated aggregate buckets for aging flow_arp_pkt_rcv                           3        0 info      flow      arp       ARP packets received flow_arp_pkt_replied                       1        0 info      flow      arp       ARP requests replied flow_arp_rcv_gratuitous                    1        0 info      flow      arp       Gratuitous ARP packets received flow_host_pkt_rcv                         12        3 info      flow      mgmt      Packets received from control plane flow_host_pkt_xmt                         19        6 info      flow      mgmt      Packets transmitted to control plane flow_host_service_allow                    2        0 info      flow      mgmt      Device management session allowed flow_health_monitor_rcv                   11        3 info      flow      mgmt      Health monitoring packet received flow_health_monitor_xmt                   11        3 info      flow      mgmt      Health monitoring packet transmitted appid_ident_by_icmp                        4        1 info      appid     pktproc   Application identified by icmp type appid_proc                                 9        2 info      appid     pktproc   The number of packets processed by Application identification appid_use_dfa_1                            7        2 info      appid     pktproc   The number of packets using the second DFA table dfa_dte_request_total                    106       35 info      dfa       offload   The total number of dfa match using dte dfa_hte_in_cache_lookup                   99       32 info      dfa       offload   The total number of requests to an in cache HFA graph ctd_sml_vm_run_impl_immed8000             12        3 info      ctd       pktproc   SML VM immed8000 ctd_sml_opcode_set_file_type              15        4 info      ctd       pktproc   sml opcode set file type aho_fpga                                  85       28 info      aho       resource  The total requests to FPGA for AHO ctd_pkt_slowpath                         102       33 info      ctd       pktproc   Packets processed by slowpath ha_msg_sent                              984      326 info      ha        system    HA: messages sent ha_msg_recv                                6        1 info      ha        system    HA: messages received ha_session_setup_msg_sent                 11        3 info      ha        pktproc   HA: session setup messages sent ha_session_teardown_msg_sent               7        2 info      ha        pktproc   HA: session teardown messages sent ha_session_update_msg_sent               962      318 info      ha        pktproc   HA: session update messages sent ha_arp_update_msg_sent                     1        0 info      ha        pktproc   HA: ARP update messages sent ha_ha2_monitor_msg_sent                    6        1 info      ha        pktproc   HA: HA2 monitor message messages sent ha_ha2_monitor_msg_recv                    6        1 info      ha        pktproc   HA: HA2 monitor message messages received log_traffic_cnt                           21        6 info      log       system    Number of traffic logs pkt_nac_result                            85       28 info      packet    resource  Packets entered module nac stage result pkt_flow_np                              909      301 info      packet    resource  Packets entered module flow stage np pkt_flow_host                             12        3 info      packet    resource  Packets entered module flow stage host -------------------------------------------------------------------------------- Total counters shown: 49 -------------------------------------------------------------------------------- ... View more

Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 08:58 AM
‎07-08-2014 08:58 AM
debug data-plane pool statistics Hardware Pools [ 0] Packet Buffers :    11341/11468    0x8000000031000000 [ 1] Work Queue Entries        : 229309/229376   0x8000000037ffe000 [ 2] Output Buffers :     1006/1024     0x8000000039bfe000 [ 3] DFA Result :     3999/4000     0x8000000039cfe000 [ 4] Timer Buffers :     4092/4096     0x800000003a0e6000 [ 5] PAN_FPA_LWM_POOL :     1024/1024     0x8000000000e9f200 [ 6] PAN_FPA_ZIP_POOL :     1023/1024     0x800000003a4e6000 [ 7] PAN_FPA_BLAST_POOL :     1024/1024     0x800000000ff00000 Software Pools [ 0] software packet buffer 0  : 32767/32768    0x800000003a6e6680 [ 1] software packet buffer 1  : 32768/32768    0x800000003b706700 [ 2] software packet buffer 2  : 81920/81920    0x800000003d726780 [ 3] software packet buffer 3  : 20480/20480    0x8000000047776800 [ 4] software packet buffer 4  :      304/304 0x800000007018a880 [ 5] ZIP Results :     1024/1024     0x8000000084d4c0e0 [ 6] CTD Flow :   261635/262144   0x8000000084d66080 [ 7] CTD AV Block : 32/32       0x80000000a20bd340 [ 8] SML VM Fields :   524001/524288   0x80000000a20c5440 [ 9] SML VM Vchecks :    65536/65536    0x80000000a32c54c0 [10] Detector Threats :   196189/196608   0x80000000a3405540 [11] CTD DLP FLOW :    65536/65536    0x80000000a5da5608 [12] CTD DLP DATA :     4096/4096     0x80000000a65e5688 [13] CTD DECODE FILTER :    65536/65536    0x80000000a69e9710 [14] Regex Results :     8000/8000     0x80000000a6d4a088 [15] TIMER Chunk :   131072/131072   0x80000000aeca5ae0 [16] FPTCP segs :    32768/32768    0x80000000b0d25b60 [17] Proxy session :     7936/7936     0x80000000b0dc5be0 [18] SSL Handshake State :     7936/7936     0x80000000b1096860 [19] SSL State :    15872/15872    0x80000000b19564e0 [20] SSL Handshake MAC State   : 17464/17464    0x80000000b25a0d60 [21] SSH Handshake State :       64/64 0x80000000b27d3ac0 [22] SSH State :      512/512 0x80000000b2841640 [23] TCP host connections :       15/16 0x80000000b297d020 show system statistics session Device is up          : 7 days 0 hour 39 mins 39 sec Packet rate           : 196/s Throughput : 479 Kbps Total active sessions : 818 Active TCP sessions   : 503 Active UDP sessions   : 311 Active ICMP sessions  : 4 show running resource-monitor Resource monitoring sampling data (per second): CPU load sampling by group: flow_lookup :     5% flow_fastpath :     5% flow_slowpath :     5% flow_forwarding :     5% flow_mgmt :     1% flow_ctrl :     1% nac_result :     5% flow_np : 5% dfa_result :     5% module_internal :     5% aho_result :     5% zip_result :     5% pktlog_forwarding :     6% lwm :     0% flow_host :     1% show session info -------------------------------------------------------------------------------- Number of sessions supported: 262142 Number of active sessions: 845 Number of active TCP sessions: 505 Number of active UDP sessions: 330 Number of active ICMP sessions: 10 Number of active BCAST sessions: 0 Number of active MCAST sessions: 0 Number of active predict sessions: 0 Session table utilization: 0% Number of sessions created since bootup:         4899529 Packet rate: 296/s Throughput: 955 kbps New connection establish rate: 0 cps -------------------------------------------------------------------------------- Session timeout TCP default timeout: 3600 secs TCP session timeout before SYN-ACK received:      5 secs TCP session timeout before 3-way handshaking:    10 secs TCP session timeout after FIN/RST: 30 secs UDP default timeout: 30 secs ICMP default timeout: 6 secs other IP default timeout: 30 secs Captive Portal session timeout: 30 secs Session timeout in discard state: TCP: 90 secs, UDP: 60 secs, other IP protocols: 60 secs -------------------------------------------------------------------------------- Session accelerated aging: True Accelerated aging threshold: 80% of utilization Scaling factor: 2 X -------------------------------------------------------------------------------- Session setup TCP - reject non-SYN first packet: True Hardware session offloading: True IPv6 firewalling: True -------------------------------------------------------------------------------- Application trickling scan parameters: Timeout to determine application trickling:    10 secs Resource utilization threshold to start scan:  80% Scan scaling factor over regular aging:        8 -------------------------------------------------------------------------------- Session behavior when resource limit is reached: drop -------------------------------------------------------------------------------- Pcap token bucket rate : 10485760 -------------------------------------------------------------------------------- ... View more

Re: Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 08:23 AM
‎07-08-2014 08:23 AM
Thanks for the reply! We can work on getting pcaps. For the dataplane utilization, I am not sure where to get ALL of that info. In the WebGUI, I can see the DP-CPU ranges between 2-6%. We ran show system statistics session and got. The average throughput was 400-800k. The sessions were ~900. ... View more

Slow Performanced Based on Order of ACL Rules

by in General Topics
‎07-08-2014 08:03 AM
‎07-08-2014 08:03 AM
We have several PAN 3020s at a client site with similar issues but for this, I’ll focus on a specific case. One pair in Active\Passive HA has 124 rules. We started noticing really slow RDP connect performance. (it would take 45 seconds to establish an RDP session to a target where the traffic was passed through the firewall). Out of the 124 rules, the rule which this RDP traffic matched on was around rule 100. If we moved that rule up earlier in the ACL to say, rule 5, the RDP session would only take 10 seconds or less to establish. So initially, it is looking like the further down the ACL the rule is, the longer it takes the PAN to process that traffic. However, seeing that the 3020 supports up to 2500 policies and we only have 124, I wanted to check with you as it doesn’t seem right. We are not doing any PBF here. Or App-ID override. Jumbo frames are enabled. ... View more

Re: User-ID records timing out?

by in General Topics
‎06-20-2014 08:24 AM
‎06-20-2014 08:24 AM
I am guessing that is it. num of initial probe made           : 115617 num of initial probe succeeded      : 3 num of initial probe failed         : 115514 num of periodic probe made          : 14 num of periodic probe succeeded     : 1 num of periodic probe failed        : 13 Now I just need to find out why they are failing. ... View more

User-ID records timing out?

by in General Topics
‎06-20-2014 07:16 AM
‎06-20-2014 07:16 AM
I have an environment which has multiple USER-ID agents installed/configure and the agentless option via WMI. There seems to be an issue with user-id records timing out. After x amount of time, users start matching on a catch all policy at the end because there is no longer a username tied to their IP address. If they log off and back on, it starts working fine again until it times out after x number of minutes. Is there something simple to resolving this that I am overlooking? ... View more
Labels:

Re: Except Specific IPs from port scan detection / Zone Protection

by in General Topics
‎05-21-2014 01:34 PM
‎05-21-2014 01:34 PM
Thanks for you reply. However it does not quite fit the scenario I am after. This seems like it would only work if you opened up one of your PUBLIC IPs. At that, it appears it would open up that public ip to port scanning from anywhere. All devices in this scenario are internal. There is no NAT. The vulnerablity appliance is internal and has a static IP. We need to be able to scan devices in other "internal" zones.. and would like to open up port scanning from only the source vulnerability scanner.. and no other IPs. ... View more

Except Specific IPs from port scan detection / Zone Protection

by in General Topics
‎05-20-2014 02:34 PM
‎05-20-2014 02:34 PM
I have a highly regulated environment with multiple internal security zones. We need to be able to run our vulnerability scanning solution against servers in separate zones on a routine basis. It was simple to exempt the scanner's IP from the Threat Prevention stuff (created a new security profile group which alerts on everything instead of blocking, and created a rule in the ACL to match against the scanner IP). However, the vulnerability scanner is still prevented from completing its job because of zone protection (specifically, port scanning). I would hate to have to disable the zone protection rules or change them to alert EVERY time we wish to run a scan. Any wonderful ideas? ... View more
Labels:

Re: Terminal Services Agents Server 2012

by in General Topics
‎04-18-2014 06:26 AM
‎04-18-2014 06:26 AM
panos Is the Terminal Server agent even supported on 2012? The release notes still show only up to 2008. I have been waiting forever for it to show 2012 as I have several clients waiting on it. ... View more

Re: Specify policy by machine name/workgroup?

by in General Topics
‎01-18-2014 11:08 PM
‎01-18-2014 11:08 PM
I for some reason didn't realize unknown was an available option. Thanks for the info! ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎10-27-2020 06:38 PM
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks