02-26-2014 05:42 AM
Hi All,
For 5 minutes we are unable to access the internet (not even able to ping the next-hop router). We observed that there are packet drops on the Palo Alto LAN interface; the snapshot below shows the same. Can anybody give the reason for these packet drops?
Please help me to identify the root cause.
Thank you,
Guru
05-27-2016 12:33 PM
Hi everyone...
I have the same issue but I can't find any clue to make a diagnosis; the counters on each interface are weird. In my case the disconnect lasts at least 15 seconds, at most 30 seconds, but this is enough to make server applications go offline...
I suspect that the problem comes from the interface assigned to the LAN connection, because ping doesn't respond when the problem occurs...
I tried to find answers in the system logs, traffic logs and threat logs but there's nothing unusual: no information about a disconnected interface, some kind of DDoS threat or a simple rule that denies the connections.
I need help...
05-28-2016 05:25 AM - edited 06-07-2016 02:43 AM
Hi Guys,
There could be many reasons for this.
The Difference Between Receive Errors for Hardware and Logical Interface Counters
Packet Drop Counters in "Show Interface Ethernet ..." Display
Is it an SFP interface? We had a similar issue before with a bad SFP interface/module.
How to Check Interface Hardware Counters Including Errors
Need a better picture of your topology setup.
05-29-2016 04:59 PM
Hi,
Maybe your zone protection kicked in? Look for floods coming from IP address 0.0.0.0 and action "drop" in your threats logs.
Benjamin
05-30-2016 02:19 AM
The moment the outage occurs you could also try to run
> show counter global filter delta yes severity drop
a couple of times. The delta filter will make sure you only see the counters that incremented after the first time you executed the command, so starting from the second time you should see which types of drops the system is seeing 'right now'. This could help determine if the drops are caused by the system or are a result of an issue further down the stream (packets dropped because session is out of sync, not receiving SYN packets, idle timeout, ...)
07-15-2016 07:18 AM
Hi Daniel,
I have a similar issue. Did you find the solution to this problem?
Thanks
Hari
01-30-2019 05:02 AM
I have also been having the same issue for 1 month. PA TAC provided an RMA device without proper investigation; still having the same issue.
01-30-2019 06:04 AM
What kind of troubleshooting has been performed by yourself or TAC and what were your findings?
What version of PAN-OS are you on?
Although this post dates from 2016, the troubleshooting steps mentioned above could still prove useful. Have you been able to try them, and what drop counters did you see?
01-31-2019 12:50 AM
Hi Team,
We found and resolved the issue today. We have 2 sets of PA firewalls configured in HA, in the same subnet with a similar HA group ID. Today we changed the HA group ID on the firewall with the ping drops, and the issue got resolved.
So the group ID has to be different when more than one set of HA firewalls is placed in the same subnet.
Thanks
Sudhakar
01-31-2019 03:37 AM
As an FYI: the HA group ID is used to form the VMAC that is shared between the HA members; reuse of this ID will cause multiple clusters to have the same VMAC.
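The collision described in the last two posts, as an added example that is not part of the thread: a Python audit over a constructed inventory that derives each HA pair's virtual MAC and flags pairs that would present the same VMAC on overlapping subnets. The `00:1b:17:00:<group ID>:<interface ID>` layout is an assumption taken from PAN-OS active/passive HA documentation; the cluster names, interface IDs and subnets are hypothetical.

```python
import ipaddress
from itertools import combinations

PAN_OUI = "00:1b:17"  # Palo Alto Networks vendor prefix

def ha_vmac(group_id, interface_id):
    """Assumed active/passive layout: 00:1b:17:00:<group ID>:<interface ID>."""
    for value in (group_id, interface_id):
        if not 0 <= value <= 0xFF:
            raise ValueError("group ID and interface ID must each fit in one byte")
    return f"{PAN_OUI}:00:{group_id:02x}:{interface_id:02x}"

def vmac_table(cluster):
    """Map each VMAC a cluster would use to the subnet its interface sits in."""
    return {
        ha_vmac(cluster["group_id"], iface_id): ipaddress.ip_network(subnet)
        for iface_id, subnet in cluster["interfaces"]
    }

def find_vmac_collisions(clusters):
    """Return (cluster_a, cluster_b, vmac) where two HA pairs share a VMAC
    on overlapping subnets, i.e. the same layer-2 segment."""
    hits = []
    for a, b in combinations(clusters, 2):
        table_a, table_b = vmac_table(a), vmac_table(b)
        for vmac in sorted(table_a.keys() & table_b.keys()):
            if table_a[vmac].overlaps(table_b[vmac]):
                hits.append((a["name"], b["name"], vmac))
    return hits

# Constructed inventory (hypothetical names, interface IDs and subnets).
CLUSTERS = [
    {"name": "fw-pair-a", "group_id": 1,
     "interfaces": [(16, "10.10.0.0/24"), (17, "192.0.2.0/28")]},
    {"name": "fw-pair-b", "group_id": 1,   # same group ID, same subnet as pair a
     "interfaces": [(16, "10.10.0.0/24")]},
    {"name": "fw-pair-c", "group_id": 2,   # same subnet, different group ID
     "interfaces": [(16, "10.10.0.0/24")]},
    {"name": "fw-pair-d", "group_id": 1,   # same group ID, different subnet
     "interfaces": [(16, "10.20.0.0/24")]},
]

if __name__ == "__main__":
    for name_a, name_b, vmac in find_vmac_collisions(CLUSTERS):
        print(f"{name_a} and {name_b} both answer for {vmac}: change one HA group ID")
```
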