Commonly Used Processes/Daemons
Created On 04/09/19 19:18 PM - Last Modified 04/10/19 15:51 PM
What are the processes running on the firewall responsible for?
Most hardware firewalls consist of a management plane and one or multiple dataplanes. Smaller platforms and VM-Series firewalls only have a management plane that runs the dataplane processes. Some larger platforms have an additional control plane, and Panorama does not have a dataplane.
Management Plane Processes
- Masterd: Manages all other daemons. Use CLI 'show system software status' to show all daemon statuses.
- Sysd: Manages inter-daemon communications.
- Mgmtsrvr: Management backend. Takes care of configuration management, commit, reporting, etc.
- Devsrvr: Takes care of pushing config to dataplane. Responsible for miscellaneous communication with dataplane (i.e., URL filtering request response).
- Useridd: Communicate with User-ID agents.
- Sslvpn: Secure web pages for SSL VPN and GlobalProtect.
- Rasmgr: Backend logic for SSL VPN and GlobalProtect.
- Sslmgr: Fulfill OCSP and CRL query request by daemons and dataplane. Manages OCSP and CRL repository.
- Satd: Satellite VPN.
- Cryptod: Encrypt and decrypt passwords, private keys, etc. in order to be included in configuration file.
- Ikemgr/Keymgr: ISAKMP daemon and IPSec key repository management.
- Authd: User authentication, lock account.
- Ha-agent: Manages HA status, configuration sync, etc.
- Logrcvr: Recording traffic log sent by dataplane.
- Varrcvr: Recording URL filtering log and packet capture sent by dataplane. Involved with WildFire logs.
- L3svc: Serves web pages for captive portal, NTLM authentication, URL admin override page and URL block page.
- Websrvr: Secures web pages for admin user interface.
- Routed: Routing daemon and dynamic routing.
- Sysdagent: Communicates with sysd on management plane. Monitors dataplane and management plane.
- Brdagent: Configuration, management, and monitor peripheral chips and front-panel ports.
- Comm/pan_comm: Communicate with devsrvr. Participate in commit and other configuration changes. Pushes serialized buffer to pan_comm, which pushes to shared memory.
- Dha/pan_dha: Implement link/path monitoring and also responsible for status changes on interface status, etc.
- Mprelay: Communicate with routed, keymgr, etc. Implements VPN and PBF monitoring. Install or remove FIB and tunnels.
- Pan_tasks: Responsible for packet forwarding daemons. Runs on dedicated CPU cores.