pan_http2_alloc() falló al acceder a sitios web durante el horario laboral

pan_http2_alloc() falló al acceder a sitios web durante el horario laboral

8220
Created On 12/19/22 03:32 AM - Last Modified 02/02/24 06:03 AM


Symptom


  • Los usuarios no pueden acceder a ningún sitio web.
  • Los "HTTP2_Protocol_Error" están presentes en los registros de la consola del inspector web.
  • El problema no se ve con pocos usuarios.
  • El problema solo está presente cuando "Strip ALPN" está deshabilitado
Contadores globales (mostrar contador global)
http2_process                              4        0 info      http2     pktproc   Number of http2 connection process
http2_stream_session_alloc                16        0 info      http2     pktproc   Number of http2 stream sessions allocated
http2_connection_window_update_sent        8        0 info      http2     pktproc   Number of http2 connection window updates sent
http2_rst_stream_recv                      4        0 info      http2     pktproc   Number of http2 RST_STREAM frames received
http2_connection_protocol_error            2        0 error     http2     pktproc   Number of http2 connections closed due to protocol violation
http2_stream_protocol_error                1        0 error     http2     pktproc   Number of http2 streams closed due to protocol violation
http2_connection_cant_write                1        0 warn      http2     pktproc   Number of http2 send frames dropped after GOAWAY is sent or received
http2_stream_map_alloc_failure             4        0 warn      http2     resource  Number of http2 stream map allocation failure
http2_header_inflate_failed                2        0 error     http2     pktproc   Number of http2 hpack inflate failures
http2_frame_drop_ingress                   2        0 info      http2     pktproc   Number of http2 frame dropped at ingress stage
http2_frame_drop_egress                    9        0 info      http2     pktproc   Number of http2 frame dropped at egress stage
http2_continuation_internal               42        0 info      http2     pktproc   Number of http2 continuation frames for CTD processing
http2_goaway_sent                          6        0 info      http2     pktproc   Number of http2 goaway frames sent
http2_rst_stream_sent                      1        0 info      http2     pktproc   Number of http2 rst_stream frames sent
http2_send_frame_queued                    6        0 info      http2     pktproc   Number of http2 send frames queued for order
http2_headers_frame_queued                42        0 info      http2     pktproc   Number of http2 send headers frames queued
http2_data_frame_queued                  143        1 info      http2     pktproc   Number of http2 send data frames queued
Registros de Packet-Diag (menos pan_packet_diag.log de dp0-log):
+0200 Error:  header_table_add(pan_hpack.c:365): pan_http2_alloc() failed
+0200 Error:  header_table_add(pan_hpack.c:365): pan_http2_alloc() failed
 

Environment


  • Cortafuegos de la serie PA-3400 de Palo Alto
  • PAN-OS 10.2.2 y 10.2.3
  • El descifrado está habilitado o url-proxy configurado para mostrar páginas de respuesta para solicitudes HTTPS

Cause


Problema de software debido a PAN-206005.

Resolution


  1. Como solución alternativa, active "Strip-ALPN " en la política de descifrado para detener el uso de HTTP2.
  2. Para una solución permanente, actualice el PAN-OS a 10.2.4, 11.0.1 o una versión superior. La cuestión se ha abordado en el documento PAN-206005
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kFiBCAU&lang=es&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language