Symptom
The number of active sessions does not reach the maximum number of sessions supported.
For example, on a PA-5050 running PAN-OS 6.1:
> show session info
------------------------------------------------------------
Number of sessions supported: 2000000
Number of active sessions: 1998978
Number of active TCP sessions: 1998978
------------------------------------------------------------
Cause
On the Palo Alto Networks firewall, 1024 sessions are reserved for inline management sessions. This includes connections to the firewall such as ping, ssh,and L3 interface access through https.
> show system state filter cfg.general.max-session
cfg.general.max-session: 2000002
In the above example, 2000002 - 1998978 = 1024, which is the number of sessions reserved for inline mgmt session.
owner: ymiyashita