Commonly Used Processes/Daemons

Commonly Used Processes/Daemons

Created On 04/09/19 19:18 PM - Last Modified 01/16/24 22:28 PM


What are the processes running on the firewall responsible for?


Most hardware firewalls consist of a management plane and one or multiple dataplanes. Smaller platforms and VM-Series firewalls only have a management plane that runs the dataplane processes. Some larger platforms have an additional control plane, and Panorama does not have a dataplane. 


Management Plane Processes
  • Masterd: Manages all other daemons. Use CLI 'show system software status' to show all daemon statuses. 
  • Sysd: Manages inter-daemon communications. 
  • Mgmtsrvr: Management backend. Takes care of configuration management, commit, reporting, etc. 
  • Devsrvr: Takes care of pushing config to dataplane. Responsible for miscellaneous communication with dataplane (i.e., URL filtering request response). 
  • Useridd: Communicate with User-ID agents. 
  • Sslvpn: Secure web pages for SSL VPN and GlobalProtect. 
  • Rasmgr: Backend logic for SSL VPN and GlobalProtect. 
  • Sslmgr: Fulfill OCSP and CRL query request by daemons and dataplane. Manages OCSP and CRL repository. 
  • Satd: Satellite VPN. 
  • Cryptod: Encrypt and decrypt passwords, private keys, etc. in order to be included in configuration file. 
  • Ikemgr/Keymgr: ISAKMP daemon and IPSec key repository management. 
  • Authd: User authentication, lock account. 
  • Ha-agent: Manages HA status, configuration sync, etc. 
  • Logrcvr: Recording traffic log sent by dataplane. 
  • Varrcvr: Recording URL filtering log and packet capture sent by dataplane. Involved with WildFire logs. 
  • L3svc: Serves web pages for captive portal, NTLM authentication, URL admin override page and URL block page. 
  • Websrvr: Secures web pages for admin user interface. 
  • Routed: Routing daemon and dynamic routing. 
  • icd: identity client daemon is in charge of communication with the edge service to get verdict/policy recommendation for IOT devices.
  • iotd: iot daemon is in charge of managing ip-device mapping in the local database of the firewall.
  • distributord: has been introduced staring 10.0 to be the central point within PAN-OS to handle all redistribution exchanges.
  • reportd: has been introduced to FW starting 10.1 to handle all reporting and report query functionalities.
Dataplane Processes
  • Sysdagent: Communicates with sysd on management plane. Monitors dataplane and management plane. 
  • Brdagent: Configuration, management, and monitor peripheral chips and front-panel ports. 
  • Comm/pan_comm: Communicate with devsrvr. Participate in commit and other configuration changes. Pushes serialized buffer to pan_comm, which pushes to shared memory. 
  • Dha/pan_dha: Implement link/path monitoring and also responsible for status changes on interface status, etc. 
  • Mprelay: Communicate with routed, keymgr, etc. Implements VPN and PBF monitoring. Install or remove FIB and tunnels. 
  • Pan_tasks: Responsible for packet forwarding daemons. Runs on dedicated CPU cores. 
  • icd: identity client daemon is in charge of communication with the edge service to get verdict/policy recommendation for IOT devices.
  • dssd: Distributed session synchronization daemon which manages the Distributed Session Synchronization functionalities, such as session cache, save, lookup, aging out etc

  • Print
  • Copy Link

Choose Language