SSL decryption memory usage is high-paloaltonetworks-panos

SSL decryption memory usage is high-paloaltonetworks-panos
0

SSL decryption memory usage is high-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert when memory usage is high for SSL decryption.

Remediation Steps:
Reduce URL categories being decrypted in SSL decryption or upgrade system with larger SSL certificate cache.

How does this work?
This script uses command output of “show system setting ssl-decrypt memory” in CLI to find out memory usage and limit for SSL certificate cache. Value displayed after “Current Entries” is mapped to this metric.

Why is this important?
Memory in SSL certificate cache is used to decrypt SSL traffic in Palo Alto Networks devices. It is critical to monitor memory usage in cache periodically and receive high memory usage alert on time to prevent out of memory error.

Without Indeni how would you find this?
Manually running command “show system setting ssl-decrypt memory” in Palo Alto Networks devices and value after “Current Entries” will be current memory usuage of SSL certificate cache.

panos-show-system-setting-ssl-decrypt-memory

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-system-setting-ssl-decrypt-memory/show-system-setting-ssl-decrypt-memory.ind.yaml

panos-show-system-setting-ssl-decrypt-memory

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-system-setting-ssl-decrypt-memory/show-system-setting-ssl-decrypt-memory.ind.yaml

PanwDataplaneSslDecryptionMemoryThresholdRule

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanwDataplaneSslDecryptionMemoryThresholdRule.scala