08-27-2012 10:28 AM
So, I recently ran into an issue and I wanted to try to see if I could get some feedback from users to see if anyone else had something similar happen to them.
We recently ran into an issue where our active firewall tanked and transferred responsibility to its peer. Everything was working as it should, so I contacted support to check what the issue could have been. After looking at the tech support files, they discovered that it's a memory leak issue in the 4.1.5 release and that we should upgrade to 4.1.7 because apparently it fixes "hundreds of memory leak issues". So, we upgraded and everything was working fine...for about 2 hours. I tried accessing the CLI and GUI of the active firewall but I was unable to. However, the passive was working fine AND the data plane on the active was still working as well. After doing a tac-login with a challenge/response for the tech to have root access to my box, he was able to restart the authd service because there's yet another race condition issue with 4.1.7 where there are lots of log queries happening at the same time which causes the authd service to fail. This is where the h2 or hotfix 2 comes in and fixes the issue.
Is it me, or is it every time that Palo Alto releases a new code version that they break something in the previous release that was once working? I've been dealing with this exact scenario since 4.0.x days, and frankly, it's getting annoying having to upgrade our firewalls every 6 weeks when they release a new code.
08-28-2012 12:59 AM
I also upgraded one customer (cluster of PA 500) from 4.0.x to 4.1.x.
The first release I tried was 4.1.6. It ran...3 days. A reboot was required every week (2 times at minimum).
Then I moved to 4.1.7 10 days ago.
Three days ago, I was unable to login into the active (backup one was working fine) firewall.
Management plane didn't respond correctly.
Because some rules are based on User-ID, some policies didn't work...
4.0.x is VERY stable now.
4.1.x still needs some fixes, from my point of view.
I will probably wait for 4.1.8 or 4.1.9 before upgrading other customers...
How do you restart the authd service from the CLI?
09-03-2012 01:06 AM
We too had the issues you described with the management GUI/CLI not responding. I'm having the same thoughts about 4.1.X, still waiting for a "stable" release, without having to upgrade to a new release that solves certain bugs that affect us, but introduces new ones (which will be solved in the next and so on...)
09-25-2012 12:07 PM
Add me to the list. GUI/CLI and the serial console all quit working. I can authenticate at the serial console, but that's it. Requires a hard reboot to get things working again. 4.1.7 2050's in an active/passive pair.