This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Layer 3 Stops Passing - All PanOS versions incl. 6.1.3
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- General Topics
- Re: Layer 3 Stops Passing - All PanOS versions incl. 6.1.3
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Layer 3 Stops Passing - All PanOS versions incl. 6.1.3
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-26-2015 05:37 AM
I have opened this with TAC a while ago but I continue having issues with Layer 3 not passing through the untrust/internet interface at random times. I have had this happen 5 to 10 times on different PA-200's. Some have repeated. I was hoping a firmware upgrade to 6.1.3 would finally fix this but yesterday one of my first 6.1.3 units locked up. Layer 2 is fine. I look in my router and the ARP entry for the PAN is in there. I clear ARP table and it repopulates with MAC/IP as the PAN responds correctly.
Rebooting the router doesn't do anything for the PAN to pass Layer 3 again. The only way to get PAN to pass Layer 3 again is a reboot of the PAN itself. We are running LSVPN on all spoke sites for VPN and the only curveball is that my hubs are on older 6.0.5h3 code. Just throwing this out there for discussion in case others have seen it.
Labels:
- Labels:
-
Networking
-
Troubleshooting
13 REPLIES 13
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-27-2015 05:02 AM
I don't have a real solution, but you could try just restarting the routing service instead of the entire PAN device.
>debug routing restart
>debug software restart routed
Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-29-2015 12:25 PM
panos - We have upgrades to 6.1.3 scheduled for this week. Are there any particular fixes in there that would address what I am seeing? I am also working on applying 6.1.3 to all spokes as well. 6.1.2 is not very stable for us. I guess I want to make sure we're not just throwing spaghetti at the wall just because we have a pot of it. I will try anything but if there are some known issues addressed, I'd like to know.
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
03-30-2015 06:51 AM
Now that you are mentioning LSVPN I know that there is an issue with satellites being upgraded to 6.1.2. After upgrade satellites generate an error that the config retrieval from the portal fails and the tunnel never goes up. I suspect that this issue is also in 6.1.3.
Related Content
- Unknown additional fields in GlobalProtect logs in General Topics
- Failed to install version 10.0.0 type panos in General Topics
- Device Telemetry can't be removed/disabled from Panorama and/or local in Next-Generation Firewall Discussions
- Updating the HA configuration in large hops. in General Topics
- New GP Client Install in GlobalProtect Discussions
Like what you see?
Show your appreciation!
Click Like if a post is helpful to you or if you just want to show your support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks