Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
11-21-2018 06:56 AM
The 20G link for HA2 between the two PA-5220 firewalls (Active-Passive cluster) does not work correctly. It is a direct link using single-mode fiber and 10G-LR optics with a length of approximately 550 meters.
After restarting any of the two firewalls, the HA2 link does not raise (in the Down state). We only managed to lift it after disconnecting and reconnecting the fiber patch on either of the two firewalls.
On other occasions, the HSCI port enters a flaping loop (UP / Down) continuously. It is solved by disconnecting the fiber.
We have certified the single mode link with 20G-LR working fine(included patch cords).
The firmware version of the fws is 8.0.12.
Its seems like a bug but i can not find any bug related to this in 8.0.12.
11-21-2018 09:40 AM
The HSCI interface has been causing a lot of issuess on the PA-3200 series as of late, but I haven't heard about many issues with the 5200 series. I'd do what @Brandon_Wertz recommends and open a ticket on the manner, it appears that HSCI is really finiky at the moment and might be better avoided if your setup allows for it.
11-21-2018 07:11 AM
I just had a call with Palo yesterday, and I seem to recall hearing about a HSCI bug...might want to open a support case on your issue.
11-21-2018 09:40 AM
The HSCI interface has been causing a lot of issuess on the PA-3200 series as of late, but I haven't heard about many issues with the 5200 series. I'd do what @Brandon_Wertz recommends and open a ticket on the manner, it appears that HSCI is really finiky at the moment and might be better avoided if your setup allows for it.
10-05-2019 08:58 PM
We have PA 5220 in Active passive running Pan OS 8.1.9
We have HA2 connection on HSCI port with 40Gig QSFP ER
Every few hours link goes down and then comes back automatically
In other words it is flapping.
Fiber is single mode tested and also QSFP+ tested and certified.
Any ideas?
10-06-2019 07:10 PM
Are these physically separated by a distance that justifies SM or are these sitting in close proximity?
10-07-2019 07:27 AM
Yes they are 10km apart and we are using single mode with right QSFP
11-23-2020 02:32 PM
I have two pairs of PA-3220s in active-standby mode that have been in use for a little more than two years. They are all running 8.1.13-h3, located in the same rack, and the HSCI ports are interconnected with SR-SPF+ mods and 50 micron multimode fiber.
As recent as a few weeks ago, one pair began flapping on the HSCI port. No changes were made at the time we noticed the port flapping. One thing that I can see from the CLI is the active firewall has no link on the HSCI port, and the standby does.
We replaced the optics and fiber to no avail. We already have a TAC case open but they don't have any fixes. I know that someone already mentioned that rebooting didn't help. Does anyone have any other ideas? Is anyone on the PANOS 9.1 track and still experiencing these issues?
11-24-2020 07:05 PM - edited 11-24-2020 07:08 PM
In our case QSFP+ which we were using was 40km + as we were supposed to move our Passive PA to other DC.
For some reasons it was delayed and we replaced our QSFP+ with 10km range and then flapping was fixed as QSFP+ were
getting overheated due to short distance.
I will ask you to check the light levels on the QSFP?
Do you have PA recommended Vendor QSFP?
Also see if it is some bug with current version?
Also i Hope tech would have run this command less cp-log brdagent.log
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
