Interface shutting down

L1 Bithead

I have a VM-100 running 8.0.12. I inherited this configuration from the previous network engineer. I am quite new to PAN-OS and have found that an interface that faces the Internet is shutting down.

I can cycle the port in the GUI, and am able to ping to the Internet (1.1.1.1 and 8.8.8.8) and within my LAN for no more than 5 minutes, then the interface goes down.

Thinking about this, I'm leaning towards some sort of DoS trigger that shuts down the interface being configured somewhere.

I would appreciate your thoughts and suggestions.  

Cyber Elite

@mculbreth,

It's unlikely to be a DoS policy, but it could have something to do with a Zone Protection profile if one has been improperly configured. I would take a look at that first just to verify if you have one assigned to your zones or not, and then I would take a look at the system logs and see if the interface is attempting to do a DHCP update every 5 minutes that is mucking up the route table.

Cyber Elite

Also did you check the physical connection?

Does the interface shut down and come back on its own?

 

Also, as BPry mentioned, is any zone protection applied to that interface?

MP

Help the community: Like helpful comments and mark solutions.

@BPry 

Thanks,

There are Zone Protection policies defined and assigned to the interface. I'll begin looking at those. I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment I removed the Management Profile from the interface so we could do updates in that subnet.

@MP18 

Thanks. There are Zone Protection policies applied. I'm going to look at those on Monday. The interface would not come back up after shutting down until I used the WebUI to close then open the port. Physical connection is in place and works.

 

I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment I removed the Management Profile from the interface so we could do updates in that subnet.

@mculbreth,

If you look at the threat logs on the firewall you should be able to see if your Zone Protection Profile is actually causing any traffic issues or not. 
