04-08-2024 02:49 PM
Hi everyone! First, sorry 'cause my English is not good.
My issue don't let me sleep. My firewall (PA-3410 v11.0.0-h1) doesn't process traffic, I can't do ping at other interface than MGMT. The Monitor is clear!.
The only thing I have observed is that the traffic reaches the MAC interface, but the CPU counter does not increase.
After a few minutes sending ICMP and HTTPS traffic, it shows this:
Any idea?
04-08-2024 02:56 PM
Do you have an interface management profile that would allow you to ping interfaces? By default, the firewall isn't going to have ICMP active on an interface address. Likewise the intrazone-default policy doesn't have logging enabled by default (nor does the interzone-default policy), so you may simply not be passing any traffic that would actually be logged. Without knowing how you've configured your security rulebase it's impossible to know if that's a real issue or not.
04-08-2024 03:07 PM - edited 04-08-2024 03:09 PM
Yes I do.
Inter-zone traffic doesn't show it. Logs at the policy are enable. It's not the first time it's happened to me, I still haven't solved the previous case.
04-09-2024 12:19 PM
Is there a reason why you're running PAN-OS version 11.0.X? If there's not a specific feature that's in 11.0.X and you can run 10.2.X my suggestion would be downgrade to 10.2.7hx or 10.2.8. If you need to run 11.0, I would run the latest preferred version of 11.0. Especially with the new 3400 platform I've ran into a bunch of weird issues.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
