• Alerts
  • RX Traffic Drastically Reduced Post Fail Over. Palo Alto Networks Alert Guide

RX Traffic Drastically Reduced Post Fail Over. Palo Alto Networks Alert Guide

This is a real life sample alert from indeni alert guide for Palo Alto Networks Firewall.

Description:

This device is receiving far less traffic than expected. It is receiving 142 packets/sec at the moment, compared to 15921 packets/sec it received a few minutes ago. This can be a result of a fail over of this firewall cluster.

Manual Remediation Steps:

Consider clearing the ARP cache, as detailed in DOC-4575. Review the comments of that DOC.

How does this alert work?

indeni tracks the traffic flow on firewalls to identify situations where there is a sharp decrease in RX traffic (as opposed to TX traffic). Such a drop in RX traffic means the surrounding network equipment isn’t forwarding traffic to the firewall, usually due to ARP issues.

BlueCat to acquire LiveAction

BlueCat adds LiveAction’s network observability and intelligence platform, which helps large enterprises optimize the performance, resiliency, and security of their networks.