06-14-2019 06:34 AM - edited 06-14-2019 06:35 AM
I have a VM-100 running 8.0.12. I inherited this configuration from the previous network engineer. I am quite new to PAN-OS and have found that an interface that faces the Internet is shutting down.
I can cycle the port in the GUI and am able to ping the Internet (1.1.1.1 and 8.8.8.8) and within my LAN for no more than 5 minutes, then the interface goes down.
Thinking about this, I'm leaning towards some sort of DoS trigger that shuts down the interface being configured somewhere.
I would appreciate your thoughts and suggestions.
06-14-2019 09:35 AM
It's unlikely to be a DoS policy, but it could have something to do with a Zone Protection profile if one has been improperly configured. I would take a look at that first just to verify whether you have one assigned to your zones or not, and then I would take a look at the system logs and see if the interface is attempting to do a DHCP update every 5 minutes that is mucking up the route table.
06-14-2019 10:26 AM
Also did you check the physical connection?
Does the interface shut down and come back on its own?
Also, as Bpry mentioned, is any zone protection applied to that interface?
06-14-2019 12:04 PM - edited 06-14-2019 12:10 PM
Thanks,
There are Zone Protection policies defined and assigned to the interface. I'll begin looking at those. I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment I removed the Management Profile from the interface so we could do updates in that subnet.
06-14-2019 12:06 PM - edited 06-14-2019 12:10 PM
Thanks. There are Zone Protection policies applied. I'm going to look at those on Monday. The interface would not come back up after shutting down until I used the WebUI to close then open the port. Physical connection is in place and works.
I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment I removed the Management Profile from the interface so we could do updates in that subnet.
06-14-2019 08:47 PM
If you look at the threat logs on the firewall you should be able to see if your Zone Protection Profile is actually causing any traffic issues or not.