AWS GWLB VPC Endpoint Associations no longer work post-upgrade

L1 Bithead
Hello,

We have recently upgraded our VMSeries Firewalls from 10.2.8-h5 to 11.2.3-h3. However, now, none of our AWS VPC Endpoint associations work via the CLI. We're running the following as per the documentation - as we always have:

admin@PA-VM> request plugins vm_series aws gwlb associate vpc-endpoint vpce-0c9fbeeeae9387c49 interface ethernet1/1.1
admin@PA-VM> request plugins vm_series aws gwlb associate vpc-endpoint vpce-06e2ec4d749fcf479 interface ethernet1/1.2

admin@PA-VM> show plugins vm_series aws gwlb

GWLB enabled : True
Overlay Routing : True
================================================
VPC endpoint Interface Egress
================================================
GWLB vpc-endpoint association not found

Both subinterfaces (and interfaces) are active in the console. Can anyone shed any light as to why this might be?

Kind regards,

Carl
2 REPLIES

L1 Bithead

Also, I have checked the vm_series plugin logs; there seem to be no errors relating to the association(s):

admin@PA-VM> tail follow no mp-log plugin_vm_series.log
2024-11-19 06:07:14.056 -0800 INFO: [vm_cloudwatch_log] Token refreshed successfully
2024-11-19 06:07:14.057 -0800 INFO: [vm_cloudwatch_log] AWS get_meta_data succeedeed
2024-11-19 06:07:14.057 -0800 INFO: [vm_cloudwatch_log] AWS instance id i-0b075ab8e40468a39
2024-11-19 06:07:14.108 -0800 INFO: [vm_cloudwatch_log] Region eu-west-2
2024-11-19 06:47:20.159 -0800 ERROR: [vm_cloudwatch_log] Connect timeout on endpoint URL: "https://logs.eu-west-2.amazonaws.com/" ConnectTimeoutError
2024-11-19 06:47:20.159 -0800 INFO: [vm_cloudwatch_log] Logging INFO : SYSTEM : START : Palo Alto Networks Firewall Initializing.
2024-11-19 07:27:30.734 -0800 ERROR: [vm_cloudwatch_log] Connect timeout on endpoint URL: "https://logs.eu-west-2.amazonaws.com/" ConnectTimeoutError
2024-11-19 07:27:30.735 -0800 ERROR: [vm_cloudwatch_log] Error logging 'NoneType' object has no attribute 'put_log_events' AttributeError
2024-11-19 08:07:37.446 -0800 ERROR: [vm_cloudwatch_log] Connect timeout on endpoint URL: "https://logs.eu-west-2.amazonaws.com/" ConnectTimeoutError
2024-11-19 08:07:37.447 -0800 ERROR: [vm_cloudwatch_log] Error logging 'NoneType' object has no attribute 'put_log_events' AttributeError

 
Kind regards,

Carl

L1 Bithead

This issue appears to be specifically tied to the vm_series plugin version 5.1.3. I regressed the plugin to version 5.1.0 and the associations now work. In version 5.1.3 there was an issue addressed (PLUG-16869) that caused the CLI command `show plugins vm_series azure gwlb` to not return any output. Even though that was for Azure and now AWS, could this be a similar issue? I tried to check the release notes for version 5.1.4 and it doesn't show anything.
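
A post-upgrade check for the symptom in this thread, added here as an example and not part of the original posts or of Palo Alto Networks tooling: it compares the `associate` commands that were issued against captured `show plugins vm_series aws gwlb` output. The function names are hypothetical, and the row layout of a populated table (endpoint ID and interface on one line) is an assumption, since the thread only shows the empty table.

```python
import re

# The associate command as typed in the first post.
ASSOC_RE = re.compile(r"associate vpc-endpoint (vpce-[0-9a-f]+) interface (ethernet\d+/\d+\.\d+)")
NOT_FOUND = "GWLB vpc-endpoint association not found"

# Commands and post-upgrade output copied from the thread.
COMMANDS = """\
request plugins vm_series aws gwlb associate vpc-endpoint vpce-0c9fbeeeae9387c49 interface ethernet1/1.1
request plugins vm_series aws gwlb associate vpc-endpoint vpce-06e2ec4d749fcf479 interface ethernet1/1.2
"""
SHOW_AFTER_UPGRADE = """\
GWLB enabled : True
Overlay Routing : True
================================================
VPC endpoint Interface Egress
================================================
GWLB vpc-endpoint association not found
"""
# Constructed sample of a healthy table; the row layout is an assumption.
SHOW_HEALTHY = SHOW_AFTER_UPGRADE.replace(
    NOT_FOUND, "vpce-0c9fbeeeae9387c49 ethernet1/1.1\nvpce-06e2ec4d749fcf479 ethernet1/1.2")


def expected_associations(commands):
    """Map each VPC endpoint ID to the subinterface it was associated with."""
    return {m.group(1): m.group(2) for m in ASSOC_RE.finditer(commands)}


def check_associations(commands, show_output):
    """Return a list of findings; an empty list means every association is present."""
    findings = []
    flags = dict(re.findall(r"^\s*(GWLB enabled|Overlay Routing)\s*:\s*(\S+)", show_output, re.M))
    if flags.get("GWLB enabled") != "True":
        findings.append("GWLB is not reported as enabled")
    if NOT_FOUND in show_output:
        findings.append("firewall reports no associations at all")
    for vpce, iface in expected_associations(commands).items():
        rows = [line.split() for line in show_output.splitlines() if vpce in line]
        if not rows:
            findings.append(f"{vpce} missing (expected on {iface})")
        elif not any(iface in row for row in rows):
            findings.append(f"{vpce} present but not on {iface}")
    return findings


if __name__ == "__main__":
    for finding in check_associations(COMMANDS, SHOW_AFTER_UPGRADE):
        print("FAIL:", finding)
```

Running the same check before and after a PAN-OS or plugin version change shows whether the associations survived it, independent of what the plugin log reports.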
