This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Intermittitent Communication Problem

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Intermittitent Communication Problem

xcz504d1114
Not applicable

‎01-16-2012 11:04 AM

I was wondering if anyone else has seen this issue or knows of the possible cause. The issue is, some traffic is not being passed through the paloalto in a vwire Active / Active configuration.

For instance, 2 people on the same subnet, connected to the same switch, person A can ping the device through the PAN firewall, but Person B cannot. This is true from several locations, from Core A, it is not reachable, from Core B it is etc. I don't see any denied traffic (or permitted traffic) from the source that is not able to communicate, by passing the PAN FW resolves the issue, or swapping the physical connection to the other PAN FW also resolves the issue.

I am running 4.0.8 OS.

Thanks,

Craig

0 Likes Likes
1 REPLY 1

spolo
L4 Transporter

‎01-16-2012 10:12 PM

When running Active-Active there are a lot more variables in the equation, consequently more difficult to troubleshoot.  Since traffic is active on both devices, you'll have to look at logs on both devices so understand traffic flow.  If you have to do packet captures, you'll also have to look at both devices, which ultimately you may have to do here if you can't track it down.

Generally, I have not seen what you're describing with Active-Active vWire.  I've mostly seen it work pretty well, but there could be other things in your network that could be creating a problem, as your network design with vWire needs to be a consideration.  For example, if there are two vWires between two switches, spanning tree running on your switches could be blocking one of the vWire paths, creating an issue.

While there may be circumstances that require Active-Active, I generally prefer Active-Standby for simplicity of troubleshooting, but if you must use Active-Active, know that your troubleshooting burden will be larger and I'd get some help from your reseller engineer, local Palo Alto Networks SE or Palo Alto Networks support team.

  • 1834 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks