Why do some traffic report as aged-out in traffic log

Why do some traffic report as aged-out in traffic log

85622
Created On 09/04/19 23:17 PM - Last Modified 09/05/19 02:06 AM


Question
Why do some traffic report as aged-out in traffic log?

Environment
  • PANOS
  • Traffic Logs


Answer
When monitoring the traffic logs using  Monitor > logs > Traffic, some traffic is seen with the Session End Reason  as aged-out.  Any traffic that uses UDP or ICMP is seen will have session end reason as aged-out in the traffic log. This is because unlike TCP, there is there is no way for a graceful termination of UDP session and so aged-out is a legitimate session-end reason for UDP (and ICMP) sessions. 

If the application is working fine with aged-out in the traffic log, this is normal and can be ignored. 

If the application is not working or if the application is TCP, and aged-out is seen as Session End Reason, then the issue needs to be troubleshot further.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMjLCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments