Palo Alto Networks Knowledgebase: SSH/SSL Packet Count Low for Large Data Transfer

Created On 02/07/19 23:39 PM - Last Updated 02/07/19 23:40 PM
Reporting and Logging

Issue

A log event shows 1+ gigabytes transferred, but only 8 packets.

 

Resolution

By default, once the Palo Alto Networks firewall identifies an application from the first few packets, it uses the Fast Path through the hardware chip to send data. When the firewall uses the Fast Path for an SSH or SSL application, it doesn't keep track of the packets because they are encrypted. It still counts the bytes, though, which is why the log shows only 6 or 8 packets for gigabytes of data.

 

Use the following command to turn off session offload. Every packet will then be sent to the Slow Path and counted.

> set session offload no

 

Note: Turning off session offload may lower throughput by 15% or more. Always use it with caution, and turn offload back on when troubleshooting is done.
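The following Python script is an added example, not code from Palo Alto Networks. It flags log rows whose byte total is impossible for the recorded packet count, which is the pattern this article explains, so that packet-based reporting can treat those counts as incomplete. The CSV column names and the sample rows are constructed assumptions, not a PAN-OS export format.

```python
import csv
import io

# Constructed sample rows. The column names are assumptions for this example,
# not a documented PAN-OS log export format.
SAMPLE_LOG = """session_id,app,bytes,packets
1001,ssl,1288490188,8
1002,ssh,2147483648,6
1003,web-browsing,48213,52
1004,ssl,913402,710
1005,dns,0,0
"""

# A single IPv4 packet cannot exceed 65,535 bytes, so a session averaging more
# than that per packet has a packet count that cannot be complete.
MAX_BYTES_PER_PACKET = 65535

# Applications the article names as affected by Fast Path packet counting.
OFFLOAD_APPS = {"ssh", "ssl"}


def undercounted_sessions(csv_text, max_per_packet=MAX_BYTES_PER_PACKET):
    """Return rows whose byte total is impossible for the logged packet count."""
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        total_bytes = int(row["bytes"])
        packets = int(row["packets"])
        # Multiply instead of dividing so zero-packet rows need no special case.
        if total_bytes > packets * max_per_packet:
            flagged.append({
                "session_id": row["session_id"],
                "app": row["app"],
                "bytes": total_bytes,
                "packets": packets,
                # True when the row matches the SSH/SSL case described above;
                # False means the mismatch needs a different explanation.
                "fits_offload_pattern": row["app"] in OFFLOAD_APPS,
            })
    return flagged


if __name__ == "__main__":
    for session in undercounted_sessions(SAMPLE_LOG):
        print(session)
```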

 

See Also

For information about the Fast Path and Slow Path, see: Packet Flow in PAN-OS

 

owner: snisar


