[122224] in North American Network Operators' Group
Re: black listing of web traffic
daemon@ATHENA.MIT.EDU (Chris Campbell)
Tue Feb 9 17:46:33 2010
From: Chris Campbell <Chris.Campbell@nebulassolutions.com>
To: Andrey Gordon <andrey.gordon@gmail.com>
Date: Tue, 9 Feb 2010 22:45:07 +0000
In-Reply-To: <90ccfc91002091429t60d7470at8c124e153843f52c@mail.gmail.com>
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
That's not surprising behaviour on a PaloAlto unit, they are still
very young in the market and my colleagues have had issues with NAT
and proxy arp in the recent past.
Chris Campbell
---------------------
On 9 Feb 2010, at 22:31, "Andrey Gordon" <andrey.gordon@gmail.com> wrote:
> By changing my outbound IP address to a different one (I suspect effectively
> resetting sessions) the problem was solved. So, after that I set it back to
> the original source NAT. And the sites open up just fine still. It really
> behaves like a NAT table exhaustion, but the firewall only reports 13000
> sessions in progress for all the NAT addresses on that firewall. I'm
> thinking memory leak or something. We only put that device in place this
> winter break and this is the second time this is happening. Last time was
> about 2-3 weeks ago.
>
> Seems to be fixed for now and the f/w dude is opening a ticket with the f/w
> vendor.
>
> -----
> Andrey Gordon [andrey.gordon@gmail.com]