Firewall slowness

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
Jafar_Hussain
L4 Transporter

Firewall slowness

Hello,

 

I am facing an issue with my firewall. it is very slow in the GUI as well as CLI. if i click any tab in the firewall it is taking too much time to refresh and loading the page.

 

firewall model - PA-500

PAN-OS version - 8.1.15

 

below i check from my side:-

 

pa500> show system disk-space

Filesystem Size Used Avail Use% Mounted on
/dev/sda3 3.8G 2.4G 1.3G 65% /
/dev/sda5 7.6G 5.2G 2.0G 73% /opt/pancfg
/dev/sda6 3.8G 1.5G 2.2G 41% /opt/panrepo
tmpfs 489M 210M 279M 43% /dev/shm
/dev/sda8 125G 84G 35G 71% /opt/panlogs

* in the resource follow, i observe some time appweb process spike mort than 100%

 

Jafar_Hussain_0-1615720242254.png

 

 

* Even the firewall is taking too long time to generate TECH support file . Once i check in the TECH support file there is some critical event is showing.

 

Jafar_Hussain_1-1615720490389.png

below are the logs:-

 

2021-03-14 06:11:08.643 +0300 Error: pan_tunnel_mp_sync_modify_cb(ipsec/src/pan_ipsec.c:708): sysd_async_modify_obj failed (TIMEOUT) for tunnel_mp_sync.
2021-03-14 06:11:17.643 +0300 Error: pan_tunnel_mp_sync_modify_cb(ipsec/src/pan_ipsec.c:708): sysd_async_modify_obj failed (TIMEOUT) for tunnel_mp_sync.
2021-03-14 06:11:21.647 +0300 Error: pan_tunnel_mp_sync_modify_cb(ipsec/src/pan_ipsec.c:708): sysd_async_modify_obj failed (TIMEOUT) for tunnel_mp_sync.
2021-03-14 06:11:21.976 +0300 UNKNOWN TID: MODIFY 402 [RSP,v1] (114/36) { 'flgs': 0x2, 'pfx': [ sw.keymgr., ], 'spec': tunnel.ipsec.sync, 'ss': [ ], 'ts': 0xd1e473, } obj: [ <>, ]
2021-03-14 06:11:21.984 +0300 UNKNOWN TID: MODIFY 403 [RSP,v1] (114/36) { 'flgs': 0x2, 'pfx': [ sw.keymgr., ], 'spec': tunnel.ipsec.sync, 'ss': [ ], 'ts': 0xd1e474, } obj: [ <>, ]
2021-03-14 06:11:21.987 +0300 UNKNOWN TID: MODIFY 404 [RSP,v1] (114/36) { 'flgs': 0x2, 'pfx': [ sw.keymgr., ], 'spec': tunnel.ipsec.sync, 'ss': [ ], 'ts': 0xd1e475, } obj: [ <>, ]

 

* Session count is expected only b/w 6000-7000.

 

I am not able to find the reason for slowness. can anyone help me with this?

MP18
Cyber Elite

@Jafar_Hussain 

 

Try to restart the 

debug software restart process web-server
ebug software restart process management-server

 

Regards

MP
Jafar_Hussain
L4 Transporter

@MP18 

 I run both commands but after restart the management server, I was not able to access firewall GUI as well CLI for around 3-4 hours.

and the firewall performance is still the same.

MP18
Cyber Elite

@Jafar_Hussain 

 

Definitely some issue with firewall.

Never see this before where PA takes 3 to 4 hours for GUI access after restarting the MP.

I will recommend please open up tac support case for this issue.

 

Regards

 

MP
Jafar_Hussain
L4 Transporter

@MP18  I have schedule the upgrade this firewall.

 after the upgrade if the issue still the same, then i will open a case with TAC.

NikolayDimitrov
L4 Transporter

Better reboot all the 3 web processes :

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POIHCA4

 

 

Also is the issue non stop only in working hours as it could overutlization or if you are using API scripts non stop ? It is rare but the data plane may affect the managment plane:

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmV2CAK

 

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiC0v6JucTvA...

 

 

What did the TAC say?

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!