https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1228224#M5868 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/206204">@sos66sos</a>&nbsp;,</P> <P>&nbsp;</P> <P>It does indeed sound like you're running into a memory leak issue where a certain process takes hold of all the resources over time and rendering the device unresponsive.</P> <P>If you generate a tech support file you should be able to check the resources over time and especially at the time you're experiencing the issue.&nbsp; Check for a process that hogs all the resources.</P> <P>&nbsp;</P> <P>A workaround would be to restart said process, there should be a cli command to restart the appropriate process.</P> <P>11.1.6-h3 is currently the preferred release in this OS train. So you might want to submit the TSF to support for analysis.</P> <P>Submitting your TSF will confirm if you're hitting a known bug or if you're hitting a different issue.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Tue, 06 May 2025 07:42:15 GMT kiwi 2025-05-06T07:42:15Z https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1227777#M5856 <P>We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC</P> <P><BR />Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts.&nbsp; Neiither the GUI or SSH works - it just times out.&nbsp; Seeing how its in FIPS-CC mode the console port is turned off so I could not test access via console.&nbsp;</P> <P><BR />The standby firewall allows you to log into it just fine.</P> <P><BR />I pulled the primary firewall and turned it off for a day or 2.&nbsp; When I turned it back on, you could log into it but that only lasted a few days and the issue returned.&nbsp;</P> <P><BR />One item I noticed is the Management plane had a very high CPU - normally between 60-80%.&nbsp; I'm not sure if there is a runaway process that eventually kills the Management plane?<BR /><BR />Has anyone had this issue?&nbsp; If so what did you do to remediate it - maybe turn something off or an OS version?<BR /><BR />Thanks,</P> Wed, 30 Apr 2025 16:00:39 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1227777#M5856 sos66sos 2025-04-30T16:00:39Z https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1227853#M5857 <P>Your PA-440 firewall running PAN-OS 11.1.6-h3 in FIPS-CC mode is experiencing high CPU usage on the management plane, leading to login issues. Some users have reported similar problems, and rolling back to PAN-OS 11.1.4-h1 helped stabilize performance.</P> <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/206204">@sos66sos</a>&nbsp;wrote:<BR /> <P>We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC</P> <P><BR />Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts.&nbsp; Neiither the GUI or SSH works - it just times out.&nbsp; Seeing how its in FIPS-CC mode the console port is turned off so I could not test access via console.&nbsp;</P> <P><BR />The standby firewall allows you to log into it just fine.</P> <P><BR />I pulled the primary firewall and turned it off for a day or 2.&nbsp; When I turned it back on, you could log into it but that only lasted a few days and the issue returned.&nbsp;</P> <P><BR />One item I noticed is the Management plane had a very high CPU - normally between 60-80%.&nbsp; I'm not sure if there is a runaway process that eventually kills the Management plane?<BR /><BR />Has anyone had this issue?&nbsp; If so what did you do to remediate it - maybe turn something off or an OS version?<BR /><BR />Thanks,</P> <HR /></BLOCKQUOTE> <P>&nbsp;</P> Thu, 01 May 2025 10:04:53 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1227853#M5857 coniveh699 2025-05-01T10:04:53Z https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1228224#M5868 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/206204">@sos66sos</a>&nbsp;,</P> <P>&nbsp;</P> <P>It does indeed sound like you're running into a memory leak issue where a certain process takes hold of all the resources over time and rendering the device unresponsive.</P> <P>If you generate a tech support file you should be able to check the resources over time and especially at the time you're experiencing the issue.&nbsp; Check for a process that hogs all the resources.</P> <P>&nbsp;</P> <P>A workaround would be to restart said process, there should be a cli command to restart the appropriate process.</P> <P>11.1.6-h3 is currently the preferred release in this OS train. So you might want to submit the TSF to support for analysis.</P> <P>Submitting your TSF will confirm if you're hitting a known bug or if you're hitting a different issue.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Tue, 06 May 2025 07:42:15 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/fips-cc-cannot-log-into-firewall/m-p/1228224#M5868 kiwi 2025-05-06T07:42:15Z