Firewall Failure

cancel
Showing results for 
Search instead for 
Did you mean: 

Firewall Failure

L0 Member

Hello guys, last week i have experienced something very weird.
I have two PA-3220 in HA Active/Active. They were working properly and all of the sudden, the Active-Primary stopped working (all the interfaces went down except the management interface, all the led ports went also down except the Power led which was green. i was able to ping the management IP but was unable to access it via ssh or HTTPS. In addition, when I used console cable I was prompted to log in but the username and password which I correctly enter was saying wrong.
Unfortunately, I have decided to reboot the second firewall and it went in the same situation as the first one. Since then I am unable to use both of the firewalls. I have discarded them from the network in order for traffic to flow. 

Bellow is a line that I have suspected to be an error during booting up.
Starting PAN Software: [ 40.082203] pan_crash_save: probe of 0-0056 failed with error -22

2 REPLIES 2

Cyber Elite
Cyber Elite

@Cokiss371,

Open an RMA case with TAC and let them investigate for root cause. Hopefully you have a configuration backup if both units have failed so you can restore the configuration when you get the replacement units without having to reconfigure everything. I'm sort of suspect that it was actual hardware failure on both units at exactly the same time. Not unheard of, but extremely uncommon.

If you can get them to boot into maintenance mode, you could potentially recover them by factory resetting them to get them back up and operational. That would allow you to do some basic testing on one of the units to ensure it's in a stable state. I wouldn't personally reload the configuration file if you have that capability and rebuild the configuration on a recommended release, just because I think this was more likely caused by some kind of software issue than hardware. 

L0 Member

Hello @BPry,
Thank you for your advice.
I have been able to reach out to the support and according to them, the issue was because I have enabled 'zone protection profile' with the action as 'alert'. And moreover, even though the Firewall are in HA, I should not have enable it on both the Active and Standby. 
Enabling 'zone protection' with action as 'alert' has overloaded the device and sent it into 'suspended' mode.
We have been able to do a factory reset and now the device are working well.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!