SSL decryption breaking file downloads
Created On 06/01/21 20:50 PM - Last Modified 06/01/21 20:50 PM
Symptom
SSL decryption breaking file downloads on PAN-OS 10.0.
Environment
- PAN-OS 10.0.5 and earlier.
- SSL Forward Proxy decryption enabled.
Cause
The firewall rejects packets whose L2 header has a broadcast address as the destination address. The following log messages can be found in the packet diag logs:
== 2021-03-11 11:35:42.653 -0600 ==
Packet decoded dump:
L2: ff:ff:ff:ff:ff:ff->ff:ff:ff:ff:ff:ff, type 0x0800 <<<<<<<<
IP: 1.1.1.1 > 2.2.2.2 , protocol 6
TCP: sport 443, dport 54961, seq 2417310679, ack 191684466,
Forwarding lookup, ingress interface 64
L3 mode, router 2
L2 broadcast cannot be forwarded in L3 mode normally <<<<<<<<
. . .
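To confirm that a saved packet diag log shows this signature, the following Python check (an added example, not part of the original article or vendor tooling) flags every packet record that has a broadcast destination MAC together with the L3 forwarding rejection. It assumes each record starts with an `== <timestamp> ==` marker as in the excerpt above; the function name and the sample log are constructed for illustration.

```python
import re

# Field layout follows the log excerpt quoted above. Assumption: every packet
# record in the diag log starts with an "== <timestamp> ==" marker.
RECORD_START = re.compile(r"== (\d{4}-\d\d-\d\d [\d:.]+ [+-]\d{4}) ==")
L2 = re.compile(r"L2:\s*([0-9a-f:]{17})\s*->\s*([0-9a-f:]{17})", re.I)
IP = re.compile(r"IP:\s*([\d.]+)\s*>\s*([\d.]+)")
TCP = re.compile(r"TCP:\s*sport (\d+), dport (\d+)")
DROP_REASON = "L2 broadcast cannot be forwarded in L3 mode"
BROADCAST = "ff:ff:ff:ff:ff:ff"


def find_broadcast_drops(log_text):
    """Return one dict per record with a broadcast dst MAC and the L3 rejection."""
    starts = list(RECORD_START.finditer(log_text))
    hits = []
    for i, start in enumerate(starts):
        # A record runs from its marker to the next marker (or end of log).
        end = starts[i + 1].start() if i + 1 < len(starts) else len(log_text)
        record = log_text[start.end():end]
        l2 = L2.search(record)
        if not l2 or l2.group(2).lower() != BROADCAST or DROP_REASON not in record:
            continue
        ip, tcp = IP.search(record), TCP.search(record)
        hits.append({
            "time": start.group(1),
            "src_ip": ip.group(1) if ip else None,
            "dst_ip": ip.group(2) if ip else None,
            "sport": int(tcp.group(1)) if tcp else None,
            "dport": int(tcp.group(2)) if tcp else None,
        })
    return hits


# Constructed sample: one affected record (flattened onto one line) and one
# unaffected multi-line record. Addresses are documentation ranges.
SAMPLE_LOG = """\
== 2021-03-11 11:35:42.653 -0600 == Packet decoded dump: L2: ff:ff:ff:ff:ff:ff->ff:ff:ff:ff:ff:ff, type 0x0800 IP: 192.0.2.10 > 198.51.100.20 , protocol 6 TCP: sport 443, dport 54961, seq 1, ack 1, Forwarding lookup, ingress interface 64 L3 mode, router 2 L2 broadcast cannot be forwarded in L3 mode normally
== 2021-03-11 11:35:42.701 -0600 ==
Packet decoded dump:
L2: 00:00:5e:00:53:01->00:00:5e:00:53:02, type 0x0800
IP: 192.0.2.10 > 198.51.100.20 , protocol 6
TCP: sport 443, dport 54961, seq 2, ack 1,
Forwarding lookup, ingress interface 64
L3 mode, router 2
"""

if __name__ == "__main__":
    print(find_broadcast_drops(SAMPLE_LOG))
```

Hits with source port 443 are server-to-client packets of decrypted sessions, which matches the download failures described in the symptom.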
Resolution
- This issue has been resolved in PAN-OS 10.0.6.
- PAN-162663: Fixed an intermittent issue on the firewall where packets dropped in decrypted SSL/TLS sessions.