Receive errors on all traffic interfaces

tulkas — Wed, 23 Nov 2022 16:18:30 GMT

Hi guys

I am a bit lost in our own network...... We have a PA-820 Cluster in active-passive mode. It is running for maybe 7 months now. Each firewall has 2 uplinks to our 2 core switches and 1 downlink to the access switch (with subcontractor on it).

We noticed around 2 weeks ago that all those 6 ports have hardware receive errors since we installed them. The downlink ports to the access area have a lot more (in around 1.5 weeks 292'359) then the uplinks the uplinks (around 9'000). The access area does not communicate that much to outside. The uplinks are singlemode fibre and the downlink normal RJ45. I changed the RJ45 already without any success. The SFPs are from Finisar 1G and should be supported although the firewall does not recognize them (there is no vendor name or vendor part number). However the hardware part shouldn't be the issue as we have the same situation in fibre & copper.

I did some research and packet captures and initially thought its because of STP frames arriving on the port which count as errors. But after disabling it the counters still increase. So currently I have no non-ip traffic on those interfaces according to the PCAP.

I found the following command which shows you recent counters and also drops:

show counter global filter delta yes

When using this command I see following drops: (also see attachment)

name value rate severity category aspect description

flow_rcv_dot1q_tag_err        23 0     drop    flow       parse       Packets dropped: 802.1q tag not configured
flow_no_interface 23     0   drop    flow   parse      Packets dropped: invalid interface
flow_ipv6_disabled              800   13    drop    flow parse        Packets dropped: IPv6 disabled on interface
flow_policy_deny                1121 19    drop    flow    session     Session setup: denied by policy
flow_fwd_l3_bcast_drop    5677   98    drop flow forward   Packets dropped: unhandled IP broadcast
flow_fwd_l3_mcast_drop    775   13     drop flow    forward Packets dropped: no route for IP multicast
flow_fwd_l3_noroute          13       0      drop     flow   forward     Packets dropped: no route
flow_fwd_l3_noarp             11        0     drop     flow    forward     Packets dropped: no ARP

flow_host_service_deny 746 12 drop flow mgmt Device management session denied

Does anyone has an idea how I can continue to troubleshoot this?

Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.

Re: Receive errors on all traffic interfaces

PavelK — Thu, 24 Nov 2022 03:27:58 GMT

Hello @tulkas

thanks for posting in LIVEcommunity!

- Could you confirm what devices are connected uplink and downlink to Firewall?

- My first suspect for non-IP traffic would be anything that arrives interface of Firewall, but Firewall does not understand it. For example CDP, DTP, VTP, PAGP. Have you seen any layer 2 traffic in the packet capture?

Kind Regards

Pavel

topic Re: Receive errors on all traffic interfaces in Next-Generation Firewall Discussions

Receive errors on all traffic interfaces

Re: Receive errors on all traffic interfaces

Re: Receive errors on all traffic interfaces