PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

PA-820 Firewalls Won't Come Back up After Upgrade to 8.0.7

L1 Bithead

I have two PA-820 firewalls that won't come back up after upgrading to 8.0.7. We have power-cycled to no avail. Support doesn't really have any answers beyond that at this point. We also upgraded an 850 that was fine. Any help?

10 REPLIES 10

Cyber Elite
Cyber Elite

@boneelb,

Can you get the 820 into maintenance mode? 

L3 Networker

Conect via console and check what's happening there. Or reboot in maint mode and rollback.

L1 Bithead
boneelb, were you able to restore the PAs?

Hello,

I also have a 820 that is misbehaving. Occasionally locks up to the point where there is no traffic passed and no lights on the device. A full power cycle is required. I have a TAC case open and htey think its a memory leak. Not sure why it failed after your reboot however.

 

Regards,

Hi all,

Not able to get it into maint mode or restore at this point. Still working with support.

Haven't been successful yet

Good to know! We've had green lights all along but nothing passing through / ping timeouts

L1 Bithead

After many hours with support, we figured out the problem was actually with our IPSec tunnels and required adding a new security rule - not sure why yet, as only thing we did was upgrade all 3 firewalls to 8.0.7 - guess I missed an important release note! Thanks for all of the help

Can you please share what policy was added to fix your issue. We currenlt have more than 6 of this, but the two that I have running IPSec tunnel keeps crashing and all the lights in fron disappears and only comes back up on reboot.

 

Thanks

Sure - this is the security policy I added to the main firewall that our remote sites tunnel to

 

Source - x.x.x.x (public IP of firewall on which rule is created)

Destination - x.x.x.x x2 destination address (the public IP addresses of the remote sites - we have two so two here for us)

Service - app default

 

To be clear, we already had a rule like the two below, but it did not seem to work after upgrading to 8.0.7

Source - Untrust

Destination - Untrust and address: Public IP of main site

Application - ike, ipsec

Service - App default

 

 

Please let me know if I can provide further information.

 

  • 6792 Views
  • 10 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!