Number of SSL Decrypted Sessions from SNMP OIDs and CLI Command
Created On 03/15/19 16:29 PM - Last Modified 01/04/23 04:36 AM
Question
How are the values for the number of SSL Decrypted Sessions calculated for the below SNMP OIDs:
Total number of active SSL proxy sessions: 1.3.6.1.4.1.25461.2.1.2.3.7.0
SSL proxy Session utilisation percentage: 1.3.6.1.4.1.25461.2.1.2.3.8.0
How is it calculated from the CLI command below:
> show session all filter ssl-decrypt yes count yes
Environment
All PAN-OS versions
Answer
* The values of the OIDs "Total number of active SSL proxy sessions" and "SSL proxy Session utilisation percentage" are calculated across all Dataplanes (DPs) of the PA Firewall and are derived from the output of the command below:
> show system state filter-pretty sw.mprelay.s*.dp*.stats.session
The value of SNMP OID 1.3.6.1.4.1.25461.2.1.2.3.7.0 is the sum of the "session_ssl_proxy" values for all DPs.
The value of SNMP OID 1.3.6.1.4.1.25461.2.1.2.3.8.0 is the average utilization across all DPs, calculated as below.
Average across all DPs of:
Utilization% = Current sessions / Max sessions * 100%
* The command "show session all filter ssl-decrypt yes count yes" simply filters the "SSL-Decrypt" session count from the output of the "show session all" command.
The "show session all" command has a limit on the number of sessions that can be shown. The limit is based on the byte size of the session, which cannot be changed.
You can refer to the link below from our Knowledge base regarding this limit:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClVECA0
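
The OID calculation described above can be cross-checked against the per-dataplane statistics. The following Python sketch is an added example, not part of the original article: the sample output layout, the `session_active` field and the per-DP maximum values are constructed assumptions; only the `session_ssl_proxy` field name and the sum/average rules come from the article.

```python
import re

# Constructed sample of "show system state filter-pretty
# sw.mprelay.s*.dp*.stats.session" output for two dataplanes. The layout and
# the session_active field are assumptions; session_ssl_proxy is the article's.
SAMPLE = """\
sw.mprelay.s1.dp0.stats.session: {
  session_active: 41250,
  session_ssl_proxy: 1200,
}
sw.mprelay.s1.dp1.stats.session: {
  session_active: 38800,
  session_ssl_proxy: 300,
}
"""

# Assumption: per-dataplane maximum SSL proxy sessions, supplied by the
# operator (constructed values, not a real platform limit).
MAX_PER_DP = {"s1.dp0": 15000, "s1.dp1": 15000}

NODE_RE = re.compile(
    r"^sw\.mprelay\.(s\d+\.dp\d+)\.stats\.session:\s*\{(.*?)^\}", re.M | re.S)
FIELD_RE = re.compile(r"\bsession_ssl_proxy'?\s*:\s*(\d+)")


def ssl_proxy_per_dp(text):
    """Return {dataplane: session_ssl_proxy} parsed from system-state output."""
    counts = {}
    for dp, body in NODE_RE.findall(text):
        match = FIELD_RE.search(body)
        if match:
            counts[dp] = int(match.group(1))
    return counts


def expected_oid_values(counts, max_per_dp):
    """Apply the article's rules: sum for ...7.0, mean of per-DP % for ...8.0."""
    if not counts:
        raise ValueError("no dataplane session stats found")
    total = sum(counts.values())
    per_dp_util = [100.0 * n / max_per_dp[dp] for dp, n in counts.items()]
    return total, sum(per_dp_util) / len(per_dp_util)


if __name__ == "__main__":
    counts = ssl_proxy_per_dp(SAMPLE)
    total, util = expected_oid_values(counts, MAX_PER_DP)
    print(f"per-DP session_ssl_proxy: {counts}")
    print(f"1.3.6.1.4.1.25461.2.1.2.3.7.0 expected: {total}")
    print(f"1.3.6.1.4.1.25461.2.1.2.3.8.0 expected: {util:.1f}%")
```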