The graphs under MONITOR>App scope>Network Monitor could show unrealistic high volume unknown-tcp traffic in exabyte

The graphs under MONITOR>App scope>Network Monitor could show unrealistic high volume unknown-tcp traffic in exabyte

2829
Created On 06/14/24 10:14 AM - Last Modified 03/11/25 23:20 PM


Symptom


Even if the PA-Series Next-Generation Firewall didn't receive such high volume traffic in actual, the graphs under MONITOR>App scope>Network Monitor could show unrealistic unknown-tcp traffic in exabyte like the following sample screenshot.

17.5E = 17.5 exabyte
Network Monitor

Environment


  • PA-Series Next-Generation Firewalls
  • PAN-OS 10.1.13 or earlier.
  • PAN-OS 11.x

Cause


Byte count value for potential overflow/underflow was not being checked.

Resolution


  1. The issue has been resolved under PAN-236851 (not documented) in the PAN-OS versions 11.2.2, 10.1.14, and 11.1.5.
  2. Upgrading to the fixed versions will resolve the issue.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000scMwCAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language