session failure with session end reason "resource-unavailable" after upgrade to 9.1.13-h3

session failure with session end reason "resource-unavailable" after upgrade to 9.1.13-h3

13122
Created On 05/03/22 10:25 AM - Last Modified 04/15/24 17:13 PM


Symptom


  • Traffic logs report session failures with end reason "resource unavailable"
  • "aho_alloc_lookup_failed"  increments on CLI command "show counter global
  • "ctd out of resource" is seen when checking the session id using "show session id <id no>" on the "tracker stage l7 proc"

 

Environment


  • Palo Alto Firewalls
  • PAN OS 9.1.13-h3 
  • Session failures in traffic log

Cause


Content inspection queue filling up

Resolution


  1. The issue is fixed under PAN-189468 in PAN-OS 9.1.14.
  2. Upgrade to PAN-OS 9.1.14 will resolve the issue
  3. Other version including fix are 10.0.11 , 10.1.5 or higher.
  4. As an immediate workaround one can "App-override " relevant traffic causing resource exhaustions (application seen in the traffic log)

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000oNpRCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language