06-29-2023 02:16 PM
Hi Team,
Customers have PA-220 running 10.0.0 and migrated to PA-1410 running 11.0.1-h2
from PA-1410 - 11.0.1-h2 unable to get DHCP ip from the firewall for Android and iPhone devices. The same devices are getting IP from PA-220 running 10.0.0 versions.
Following pan_dhcpd logs from PA-1410
DHCPD log
==========
2023-06-22 10:15:18.098 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:20.124 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:22.557 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:15:22.557 -0500 DHCP lease started2023-06-22 10:15:22.557 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10
2023-06-22 10:15:46.213 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:28.949 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:28.949 -0500 DHCP lease started2023-06-22 10:16:28.949 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10
2023-06-22 10:16:33.786 -0500 Error: pan_dhcpd_ha_msg_send(pan_dhcpd_ha.c:527): can't send msg, state is Unknown
2023-06-22 10:16:33.786 -0500 DHCP lease started2023-06-22 10:16:33.786 -0500 ip 10.95.10.5 --> mac 8e:29:d1:c0:50:8b - hostname Pixel-7, interface ethernet1/2.10
06-30-2023 01:42 AM
Hi @vij ,
Have you tried restarting the DHCP service on the firewall ?
If it's not working I'd recommend getting PCAPs to confirm a couple of things.
Are you receiving the discover packet from the client, are you sending the offer packet out to the client, is the client receiving the offer packet ?
Grab all the debug level logs if possible to get more verbose logging.
I've seen the same error appear in bug-ID PAN-189196 but I can't confirm if you're hitting the same bug or if you're experiencing a different issue. In that particular scenario there was a reserved address configured for the DHCP client and the client was sending DHCP requests from a different IP address from the reserved address... as a result the firewall did not send out the DHCP NAK packet. But like I said, I can't confirm if you're hitting the same issue.
I suggest getting debug level logs and a tech support file for further analysis.
Kind regards,
-Kim.
07-01-2023 12:03 AM
Can you share configuration of both firewalls
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
