Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

After deploying PaloAlto in VWire mode the router getting hanged,..

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

After deploying PaloAlto in VWire mode the router getting hanged,..

L4 Transporter

Hi All,

After deploying PaloAlto in VWire mode the router getting hanged,.. again after rebooting the router again works fine for hours and again gets hanged (Router have 1G interface).

We have set the negotiation to "Auto" in both PaloAlto and router.. Can any one provide the troubleshooting steps or resolution for this issue.

PANOS is 6.0.0

Model 2050

(as customer says the existing sessions works fine but problem will be with the new sessions ).

Thank you,

Gururaj

Message was edited by: Gururaj Patil

5 REPLIES 5

L7 Applicator

Hello Gururaj,

1. Do you have configured any aggregation protocol on your router..?

2. Could you please verify the packet rate on both PAN and the connected router.

3. Please verify the interface of the router, if any L2 error counters increasing rapidly.

Additional info: Re: Limits of VWIRE?

Thanks

L6 Presenter

is this happening random times after reboot ?

Do you have any asymmetric traffic ?

Hi HULK,

Thank you for reply, there is no link aggregation used in router as well as in PaloAlto

Please let me know,how to check packet rates in PaloAlto?

What is L2 errors?

Thank you,

Gururaj

Hi panos,

After rebooting the router everything works fine for few hours and again gets hanged ( the existing sessions works fine but problem will be with the new sessions as customer says).

Symmetric traffic only.

Thank you,

Gururaj

Hello Gururaj,

PFB requested commands:

> show running resource-monitor -------- to verify DP CPU, packet buffer and packet descriptor utilization.

> show running logging -------- verify the logging rate on PAN firewall.

> show session info  ------ to see packet rate

Procedure to verify interface error ( on both ingress and egress interface): 

admin@DADA> show counter interface ethernet1/1

Hardware interface counters read from CPU:

--------------------------------------------------------------------------------

bytes received                           1406004

bytes transmitted                        36036

packets received                         18643

packets transmitted                      603

receive errors                           0 >>>>>>>>>>>>>>>>>

packets dropped                          0 >>>>>>>>>>>>>>>>

--------------------------------------------------------------------------------

Logical interface counters read from CPU:

--------------------------------------------------------------------------------

receive errors                           0 >>>>>>>>>>>>>>>>>>>

packets dropped                          0 >>>>>>>>>>>>>>

packets dropped by flow state check      0

forwarding errors                        0

no route                                 0

arp not found                            0

neighbor not found                       0

neighbor info pending                    0

mac not found                            0

packets routed to different zone         0

land attacks                             0

ping-of-death attacks                    0

teardrop attacks                         0

ip spoof attacks                         0

mac spoof attacks                        0

ICMP fragment                            0

layer2 encapsulated packets              0

layer2 decapsulated packets              0

--------------------------------------------------------------------------------

Thanks

  • 2590 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!