Interface shutting down

L1 Bithead

I have a VM-100 running 8.0.12. I inherited this configuration from the previous network engineer. I am quite new to PAN-OS and have found that an interface that faces the Internet is shutting down.

I can cycle the port in the GUI, and am able to ping to the Internet (1.1.1.1 and 8.8.8.8) and within my LAN for no more than 5 minutes, then the interface goes down.

Thinking about this, I'm leaning towards some sort of DoS trigger that shuts down the interface being configured somewhere.

I would appreciate your thoughts and suggestions.  

Cyber Elite

Re: Interface shutting down

@mculbreth,

It's unlikely to be a DoS policy, but it could have something to do with a Zone Protection profile if one has been improperly configured. I would take a look at that first just to verify if you have one assigned to your zones or not, and then I would take a look at the system logs and see if the interface is attempting to do a DHCP update every 5 minutes that is mucking up the route table.

Cyber Elite

Re: Interface shutting down

Also did you check the physical connection?

Does the interface shut down and come back on its own?

Also, as BPry mentioned, is any zone protection applied to that interface?

MP
L1 Bithead

Re: Interface shutting down

@BPry 

Thanks,

There are Zone Protection policies defined and assigned to the interface. I'll begin looking at those. I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment, I removed the Management Profile from the interface so we could do updates in that subnet.

L1 Bithead

Re: Interface shutting down

@MP18 

Thanks. There are Zone Protection policies applied. I'm going to look at those on Monday. The interface would not come back up after shutting down until I used the WebUI to close then open the port. Physical connection is in place and works.

I looked through the logs and saw an excessive amount of hits on one policy. The firewall was trying to send logs to an IP that is not in the management network. I took that IP out and removed the Management Profile from the interface. Since this is a development environment, I removed the Management Profile from the interface so we could do updates in that subnet.

Cyber Elite

Re: Interface shutting down

@mculbreth,

If you look at the threat logs on the firewall you should be able to see if your Zone Protection Profile is actually causing any traffic issues or not. 
