SSL Decryption Sessions near Capacity-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert when it notices that the PAN firewall is nearing its capacity for concurrent SSL decryption sessions.

Remediation Steps:
Please review the following article to identify ways to optimize the number of SSL decryption sessions: https://live.paloaltonetworks.com/t5/Learning-Articles/Limitations-and-Recommendations-While-Implementing-SSL/ta-p/60036

How does this work?
This script uses the Palo Alto Networks CLI to retrieve the current connection count.

Why is this important?
The firewall can handle only a limited number of SSL decryption sessions at any given time. It is important to know when it is nearing that limit, before it begins to drop packets.

Without Indeni how would you find this?
The only available method of collecting this information is to run the CLI command manually on the device.

panos-show-session-all-filter-ssl-decrypt

https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/panos-show-session-all-filter-ssl-decrypt/panos-show-session-all-filter-ssl-decrypt.ind.yaml

panos-show-system-info-monitoring

https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-system-info-monitoring/show-system-info-monitoring.ind.yaml

PanosHighConcurrentSslDecryptionSessionRule

https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/paloaltonetworks/PanosHighConcurrentSslDecryptionSessionRule.scala