SSL Decryption Sessions near Capacity-paloaltonetworks-panos
Indeni will alert when it notices that the PAN firewall is nearing its capacity of concurrent SSL decryption sessions
Please review the following articles to best identify ways to optimize the number of SSL decryption sessions: https://live.paloaltonetworks.com/t5/Learning-Articles/Limitations-and-Recommendations-While-Implementing-SSL/ta-p/60036
How does this work?
This script uses the Palo Alto Networks CLI to retrieve the current connection count.
Why is this important?
The firewall has a limit in handling SSL decryption sessions at any given time. It is important to know when it reaches near the limit before it begins to drop packets.
Without Indeni how would you find this?
The only available method in collecting the information is to manually run the CLI command on the device.
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/panos-show-session-all-filter-ssl-decrypt/panos-show-session-all-filter-ssl-decrypt.ind.yaml
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-system-info-monitoring/show-system-info-monitoring.ind.yaml
Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanosHighConcurrentSslDecryptionSessionRule.scala