- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
I've had nothing but issues with our 850 HA pair since we've put them in production replacing a pair of 3020s. My previous thread here: https://live.paloaltonetworks.com/t5/General-Topics/PA-850-amp-Radius-PEAP/m-p/189233#M57311 detailed the initial main issue. The 8.0.6 firmware fixed a small portion of our radius issue, but the main fix was to set our tunnels on the 850 to 1448 MTU. After that, everything seemed to work fine.
Randomly, our 850s would be unable to communicate with all PAs using OSPF. They can still talk to a handful of devices using static routes, as well as a SonicWALL we still have using OSPF. The 850s still show all of the routes to the neighbors, however the remote sites do not show routes from the 850s. I can't recall what the neighbor state was on the remote end.
We've been working with support for weeks now trying to nail this down and I happened to come across an article talking about routing mtu. When I ran show routing fib I was surprised to see many of my interfaces come back at a MTU of 9126. At this point I realized that the global MTU was set to Jumbo frames by default. After disabling that on both of my 850s, rebooting, and removing the 1448 MTU on my tunnels, everything appears back to normal.
We definitely did not have jumbo frames enabled on our 3020s, so I'm pretty positive they came enabled by default on the 850s. Not sure if this is a mistake from the manufacturers image, or PA actually intended to release the 850s with jumbo frames by support, but I figured I'd post and possibly save some hair pulling for anyone else trying to swap in some 850s and seeing similar issues.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!