Commonly Used Processes/Daemons

Commonly Used Processes/Daemons

46577
Created On 04/09/19 19:18 PM - Last Modified 04/10/19 15:51 PM


Question
What are the processes running on the firewall responsible for?

Environment
Most hardware firewalls consist of a management plane and one or multiple dataplanes. Smaller platforms and VM-Series firewalls only have a management plane that runs the dataplane processes. Some larger platforms have an additional control plane, and Panorama does not have a dataplane. 

Answer
Management Plane Processes
  • Masterd: Manages all other daemons. Use CLI 'show system software status' to show all daemon statuses. 
  • Sysd: Manages inter-daemon communications. 
  • Mgmtsrvr: Management backend. Takes care of configuration management, commit, reporting, etc. 
  • Devsrvr: Takes care of pushing config to dataplane. Responsible for miscellaneous communication with dataplane (i.e., URL filtering request response). 
  • Useridd: Communicate with User-ID agents. 
  • Sslvpn: Secure web pages for SSL VPN and GlobalProtect. 
  • Rasmgr: Backend logic for SSL VPN and GlobalProtect. 
  • Sslmgr: Fulfill OCSP and CRL query request by daemons and dataplane. Manages OCSP and CRL repository. 
  • Satd: Satellite VPN. 
  • Cryptod: Encrypt and decrypt passwords, private keys, etc. in order to be included in configuration file. 
  • Ikemgr/Keymgr: ISAKMP daemon and IPSec key repository management. 
  • Authd: User authentication, lock account. 
  • Ha-agent: Manages HA status, configuration sync, etc. 
  • Logrcvr: Recording traffic log sent by dataplane. 
  • Varrcvr: Recording URL filtering log and packet capture sent by dataplane. Involved with WildFire logs. 
  • L3svc: Serves web pages for captive portal, NTLM authentication, URL admin override page and URL block page. 
  • Websrvr: Secures web pages for admin user interface. 
  • Routed: Routing daemon and dynamic routing. 
Dataplane Processes
  • Sysdagent: Communicates with sysd on management plane. Monitors dataplane and management plane. 
  • Brdagent: Configuration, management, and monitor peripheral chips and front-panel ports. 
  • Comm/pan_comm: Communicate with devsrvr. Participate in commit and other configuration changes. Pushes serialized buffer to pan_comm, which pushes to shared memory. 
  • Dha/pan_dha: Implement link/path monitoring and also responsible for status changes on interface status, etc. 
  • Mprelay: Communicate with routed, keymgr, etc. Implements VPN and PBF monitoring. Install or remove FIB and tunnels. 
  • Pan_tasks: Responsible for packet forwarding daemons. Runs on dedicated CPU cores. 
 


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLUeCAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language