That's not surprising behaviour on a PaloAlto unit, they are still very young in the market and my colleagues have had issues with NAT and proxy arp in the recent past.
Chris Campbell --------------------- On 9 Feb 2010, at 22:31, "Andrey Gordon" <[email protected]> wrote: > By changing my outbound IP address to a different one (i suspect > effectively > resetting sessions) the problem was solved. So, after that I set it > back to > the original source NAT. And the sites open up just fine still. It > really > behaves like a NAT table exhaustion, but the firewall only reports > 13000 > sessions in progress for all the NAT addresses on that firewall. I'm > thinking memory leak or something. We only put that device in place > this > winter break and this is the second time this is happening. Last > time was > about 2-3 weeks ago. > > Seems to be fixed for now and the f/w dude is opening a ticket with > the f/w > vendor. > > ----- > Andrey Gordon [[email protected]]
