Packet drops in LAN interface

L4 Transporter

Hi All,

For 5 minutes we are unable to access the internet (not even able to ping the next-hop router). We observed that there are packet drops on the Palo Alto LAN interface; the snapshot below shows the same. Can anybody give the reason for these packet drops?

Please help me to identify the root cause.

Thank you,

Guru

1.png

10 REPLIES

L4 Transporter

Hi Gururaj,

There is more information needed. Did anybody change something, and is there something in the traffic, system or configuration log? Please let us know.

Cheers Klaus

Hi everyone...

I have the same issue but I can't find any clue to diagnose it; the counters on each interface are weird. In my case the disconnect lasts at least 15 seconds, maximum 30 seconds, but this is enough to make server applications go offline....

I suspect that the problem is on the interface assigned for the LAN connection because the ping doesn't respond when the problem occurs...

LAN interface.JPG

I tried to find answers in the system logs, traffic logs and threat logs but there's nothing unusual: no information about a disconnected interface, some kind of DDoS threat or a simple rule that denies the connections.

I need help......

L3 Networker

Hi Guys,

There could be many reasons for this.

The Difference Between Receive Errors for Hardware and Logical Interface Counters

https://live.paloaltonetworks.com/t5/Learning-Articles/The-Difference-Between-Receive-Errors-for-Har...

Packet Drop Counters in "Show Interface Ethernet ..." Display

https://live.paloaltonetworks.com/t5/Learning-Articles/Packet-Drop-Counters-in-quot-Show-Interface-E...

Is it an SFP interface? We had a similar issue before with a bad SFP interface/module.

How to Check Interface Hardware Counters Including Errors

https://live.paloaltonetworks.com/t5/Learning-Articles/How-to-Check-Interface-Hardware-Counters-Incl...

Need a better picture of your topology setup.

L4 Transporter

Hi,

Maybe your zone protection kicked in? Look for floods coming from IP address 0.0.0.0 and action "drop" in your threat logs.

Benjamin

The moment the outage occurs you could also try to run

> show counter global filter delta yes severity drop

a couple of times. The delta filter will make sure you only see the counters that incremented after the first time you executed the command, so starting from the second time you should see which types of drops the system is seeing 'right now'. This could help determine if the drops are caused by the system or are a result of an issue further down the stream (packets dropped because session is out of sync, not receiving SYN packets, idle timeout, ...)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi Daniel,

I have a similar issue. Did you find the solution to this problem?

Thanks

Hari

I have also been having the same issue for 1 month. PA TAC provided the RMA device without proper investigation; still having the same issue.

Hi @sudhakar050845

What kind of troubleshooting has been performed by yourself or TAC and what were your findings?

What version of PAN-OS are you on?

Although this post dates from 2016, the troubleshooting steps mentioned above could still prove useful. Have you been able to try them, and what drop counters did you see?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hi Team,

We found and resolved the issue today. We have 2 sets of PA firewalls configured in HA, in the same subnet with similar HA group ID. Today we changed the HA group ID on the ping-drop firewall, and the issue got resolved.

So the group ID has to be different when more than one HA firewall is placed in the same subnet.

Thanks

Sudhakar

As an FYI: the HA group ID is used to form the VMAC that is shared between the HA members; reuse of this ID will cause multiple clusters to have the same VMAC.

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
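
The condition described in the last two replies can be audited before it causes an outage. The following is an added example, not code from the thread or from Palo Alto Networks: it derives each HA pair's virtual MAC per VLAN and reports VMACs claimed by more than one pair. It assumes the active/passive VMAC layout `00:1b:17:00:<group ID>:<interface ID>`; the inventory, pair names, VLAN numbers and interface IDs are constructed.

```python
import re
from collections import defaultdict

PAN_OUI = (0x00, 0x1B, 0x17)  # Palo Alto Networks vendor prefix

def ha_vmac(group_id, interface_id):
    """Build the shared VMAC (assumed layout: OUI, 00, group ID, interface ID)."""
    for value in (group_id, interface_id):
        if not 0 <= value <= 0xFF:
            raise ValueError(f"value {value} does not fit in one MAC octet")
    return ":".join(f"{b:02x}" for b in (*PAN_OUI, 0x00, group_id, interface_id))

def decode_vmac(mac):
    """Return (group_id, interface_id) for an HA VMAC seen on a switch, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)  # accept ':', '-' or '.' separators
    if len(digits) != 12:
        return None
    octets = bytes.fromhex(digits)
    if tuple(octets[:3]) != PAN_OUI or octets[3] != 0x00:
        return None
    return octets[4], octets[5]

def find_vmac_collisions(pairs):
    """List (vlan, vmac, [pair names]) where two or more HA pairs share a VMAC."""
    claims = defaultdict(list)
    for pair in pairs:
        for vlan, interface_id in pair["interfaces"].items():
            claims[(vlan, ha_vmac(pair["group_id"], interface_id))].append(pair["name"])
    return sorted(
        (vlan, mac, sorted(names))
        for (vlan, mac), names in claims.items()
        if len(names) > 1
    )

# Constructed inventory: "interfaces" maps VLAN number -> interface ID (hypothetical values).
PAIRS = [
    {"name": "fw-pair-a", "group_id": 1, "interfaces": {10: 16, 20: 17}},
    {"name": "fw-pair-b", "group_id": 1, "interfaces": {10: 16, 30: 18}},
    {"name": "fw-pair-c", "group_id": 2, "interfaces": {10: 16}},
]

if __name__ == "__main__":
    for vlan, mac, names in find_vmac_collisions(PAIRS):
        print(f"VLAN {vlan}: {mac} is claimed by {', '.join(names)}")
```

`decode_vmac` is useful in the other direction: when a switch logs the same MAC flapping between ports, decoding it shows which HA group ID is being reused.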