SSL Decryption failure due Out of Memory

SSL Decryption failure due Out of Memory

1040
Created On 04/17/25 07:52 AM - Last Modified 08/11/25 19:08 PM


Symptom


  • Previously working SSL traffic started to fail
  • debug dataplane pool statistics is showing 0 for Free Chunks as an indication of memory leak

    admin@PA-VM>debug dataplane pool statistics | match 'Chunk (Size \* Free / Total)'
    Chunk (Size * Free / Total)  65536 * 0 / 320

    or 

    admin@PA-VM> grep pattern 'Chunk (Size' mp-log dp-monitor.log
    :Chunk (Size * Free / Total)  65536 * 293 / 320
    :Chunk (Size * Free / Total)  65536 * 0 / 320

 

Environment


  • Palo Alto Firewalls
  • Inbound SSL Decryption

Cause


  • Software defect related to TLS inbound decryption causing memory leak
  • PAN-277417  

Resolution


  • Upgrade to PAN-OS version with PAN-277417 fix (i.e., 11.1.9, 11.2.6, or later)
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000XZHhKAO&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail