Created On 08/14/23 09:01 AM - Last Modified 09/08/23 05:18 AM
Symptom
The FIB lookup resolves 10.2.2.1 via ethernet1/2, yet child session 132 (created via prediction from parent session 130) egresses on ethernet1/1, which is the parent session's ingress interface.

admin@PA-VM> test routing fib-lookup ip 10.2.2.1 virtual-router default
--------------------------------------------------------------------------------
runtime route lookup
--------------------------------------------------------------------------------
virtual-router:   default
destination:      10.2.2.1
result:           via 10.193.1.2 interface ethernet1/2, source 10.193.1.1, metric 10
--------------------------------------------------------------------------------

admin@PA-VM> show session all
--------------------------------------------------------------------------------
ID      Application   State    Type  Flag   Src[Sport]/Zone/Proto (translated IP[Port])
Vsys                                        Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
131     tftp          ACTIVE   PRED         10.1.2.2[0]/L3-Trust/17 (10.1.2.2[0])
vsys1                                       10.2.2.1[55477]/L3-Untrust (10.2.2.1[55477])
130     tftp          ACTIVE   FLOW         10.2.2.1[55477]/L3-Untrust/17 (10.2.2.1[55477])
vsys1                                       10.1.2.2[69]/L3-Trust (10.1.2.2[69])
132     tftp          ACTIVE   FLOW         10.1.2.2[10288]/L3-Trust/17 (10.1.2.2[10288])
vsys1                                       10.2.2.1[55477]/L3-Untrust (10.2.2.1[55477])

admin@PA-VM> show session id 132

Session 132

        c2s flow:
                source:      10.1.2.2 [L3-Trust]
                dst:         10.2.2.1
                proto:       17
                sport:       10288           dport:      55477
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source:      10.2.2.1 [L3-Untrust]
                dst:         10.1.2.2
                proto:       17
                sport:       55477           dport:      10288
                state:       ACTIVE          type:       FLOW
                src user:    unknown
                dst user:    unknown

        start time                           : Fri Jul 14 06:10:18 2023
        timeout                              : 30 sec
        time to live                         : 21 sec
        total byte count(c2s)                : 67
        total byte count(s2c)                : 0
        layer7 packet count(c2s)             : 1
        layer7 packet count(s2c)             : 0
        vsys                                 : vsys1
        application                          : tftp
        rule                                 : all
        service timeout override(index)      : False
        session to be logged at end          : True
        session in session ager              : True
        session updated by HA peer           : False
        layer7 processing                    : enabled
        ctd version                          : 1
        URL filtering enabled                : False
        session via prediction               : True
        use parent's policy                  : True
        parent session                       : 130 <==Parent session
        refresh parent session               : True
        session via syn-cookies              : False
        session terminated on host           : False
        session traverses tunnel             : False
        session terminate tunnel             : False
        captive portal session               : False
        ingress interface                    : ethernet1/3
        egress interface                     : ethernet1/1 <==egress interface as per parent
        session QoS rule                     : N/A (class 4)
        end-reason                           : unknown

admin@PA-VM> show session id 131

Session 131

        c2s flow:
                source:      10.1.2.2 [L3-Trust]
                dst:         10.2.2.1
                proto:       17
                sport:       0               dport:      55477
                state:       ACTIVE          type:       PRED
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source:      10.2.2.1 [L3-Untrust]
                dst:         10.1.2.2
                proto:       17
                sport:       55477           dport:      0
                state:       OPENING         type:       PRED
                src user:    unknown
                dst user:    unknown

        start time                           : Fri Jul 14 06:10:08 2023
        timeout                              : 180 sec
        time to live                         : 137 sec
        total byte count(c2s)                : 0
        total byte count(s2c)                : 0
        layer7 packet count(c2s)             : 0
        layer7 packet count(s2c)             : 0
        vsys                                 : vsys1
        application                          : tftp
        rule                                 : all
        service timeout override(index)      : False
        session to be logged at end          : False
        session in session ager              : True
        session updated by HA peer           : False
        parent session                       : 130 <====
        prediction triggered by              : client
        single-use prediction                : False
        prediction was matched               : True
        end-reason                           : unknown

admin@PA-VM> show session id 130

Session 130

        c2s flow:
                source:      10.2.2.1 [L3-Untrust]
                dst:         10.1.2.2
                proto:       17
                sport:       55477           dport:      69
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        s2c flow:
                source:      10.1.2.2 [L3-Trust]
                dst:         10.2.2.1
                proto:       17
                sport:       69              dport:      55477
                state:       INIT            type:       FLOW
                src user:    unknown
                dst user:    unknown

        start time                           : Fri Jul 14 06:10:08 2023
        timeout                              : 30 sec
        total byte count(c2s)                : 92
        total byte count(s2c)                : 0
        layer7 packet count(c2s)             : 1
        layer7 packet count(s2c)             : 0
        vsys                                 : vsys1
        application                          : tftp
        rule                                 : all
        service timeout override(index)      : False
        session to be logged at end          : True
        session in session ager              : False
        session updated by HA peer           : False
        layer7 processing                    : enabled
        URL filtering enabled                : False
        session via syn-cookies              : False
        session terminated on host           : False
        session traverses tunnel             : False
        session terminate tunnel             : False
        captive portal session               : False
        ingress interface                    : ethernet1/1 <==initiated from interface not in routing table
        egress interface                     : ethernet1/3
        session QoS rule                     : N/A (class 4)
        tracker stage firewall               : Aged out
        end-reason                           : aged-out