Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Is my upgrade the cause of a vlan not working

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Is my upgrade the cause of a vlan not working

L4 Transporter

After I upgraded my palo alto fro 7.1.15 to 7.1.16 I had a report that a certain vlan can not longer access the internet.  I have a back up of the config before the upgrade and one after the upgrade and so far I don't see any change in virtual routers that would have cause the PA to block the traffic. I know that is very little information but if anyone has any suggestions I would appreciate it

9 REPLIES 9

Cyber Elite
Cyber Elite

@jdprovine,

While it wouldn't be impossible to see an update cause an issue with the configuration that may cause an issue like this, it would be abnormal. Looking at your logs to you see the traffic trying to come across the firewall or can you not even see the traffic? 

@BPry

There is absolutely no traffic from that vlan showing on the firewall at all. 

@jdprovine,

I'd try to take a PCAP and see if the firewall simply isn't reporting the traffic. Past that I don't think an update would be able to cause this sort of situation short of it somehow managing to 'disable' the port. 

@BPry

I ran a continuous ping to the gateway in the vlan while I ran pcaps with the filter of my pc IP and the gateway IP. The only thing I saw was "no response found"

@BPry

@reaper

the issue ended up being a static route missing from a virtual router, would a firmware update to that?

@jdprovine,

With a maintenance update this would be the only time I've ever seen or heard about a static route being removed. That isn't to say that it isn't impossible; I've seen routing tables get messed up due to upgrading major versions, but that was years ago and was extremely uncommon then. 

I would take a look at your configuration logs and see if another admin didn't clean something up that should have still been there. I wouldn't suspect that the update caused this. 

@BPry

 

I take backup of the config before upgrading and the route that was added to fix the issue did not exist prior to the upgrade

@jdprovine,

I would guess then that this really wasn't the reason it stopped working; the route was simply what kicked it back into knowing where to send the traffic. 

@BPry

My conclusion as well that something before or after the PA changed and the added route let it go where it needed too again

  • 3649 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!