nanog mailing list archives

Re: black listing of web traffic


From: Chris Campbell <Chris.Campbell () nebulassolutions com>
Date: Tue, 9 Feb 2010 22:45:07 +0000

That's not surprising behaviour on a PaloAlto unit, they are still  
very young in the market and my colleagues have had issues with NAT  
and proxy arp in the recent past.

Chris Campbell
---------------------

On 9 Feb 2010, at 22:31, "Andrey Gordon" <andrey.gordon () gmail com> wrote:

By changing my outbound IP address to a different one (I suspect effectively
resetting sessions) the problem was solved. So, after that I set it back to
the original source NAT. And the sites open up just fine still. It really
behaves like a NAT table exhaustion, but the firewall only reports 13000
sessions in progress for all the NAT addresses on that firewall. I'm
thinking memory leak or something. We only put that device in place this
winter break and this is the second time this is happening. Last time was
about 2-3 weeks ago.

Seems to be fixed for now and the f/w dude is opening a ticket with the f/w
vendor.

-----
Andrey Gordon [andrey.gordon () gmail com]

