PAN-OS 8.1.0 SMB Issues

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PAN-OS 8.1.0 SMB Issues

L5 Sessionator

Hello all,

 

Please be advised, there is a current issue with PAN-OS 8.1 which seems to break anything SMB related, e.g. mapped network drives. Sessions have an end reason of "resources-unavailable" and go into state "Discard" in the session table.

 

Upon speaking with a TAC engineer, this is a known issue and they are working towards a fix.

 

Edit: This is now resolved in PAN-OS 8.1.1 under BugID:

 

PAN-94445
Fixed an issue where Server Message Block (SMB) sessions were in a discard state with the session end reason resources-unavailable

 

Thanks,

Luke.

 

2 accepted solutions

Accepted Solutions

L3 Networker

TAC suggest to create an application override policy as workaround or downgrade to 8.0.X PANOS version.

 

Jacopo

View solution in original post

PAN-94445
Fixed an issue where Server Message Block (SMB) sessions were in a discard state with the session end reason resources-unavailable.

View solution in original post

32 REPLIES 32

L3 Networker

TAC suggest to create an application override policy as workaround or downgrade to 8.0.X PANOS version.

 

Jacopo

Did you try the Application Override or did you downgrade?

Applicaton Override does the trick.

I didn't have time to mess around on Sunday when this was discovered, so we downgraded.  Thankfully that went smoothly.

L0 Member

Thanks for the info, I was just about to deploy 8.1 to one firewall 🙂

Ended up doing a downgrade too, went back to 8.0.8. I so wanted the hit counter 😞

 

Does anyone know if there is an Issue ID for this problem?

L0 Member
We did the downgrade also. Waiting to resolve the issue

L1 Bithead

We just had a day's outage due to this issue.  Palo Alto *really* should have pulled the update and warned people who have installed it.

L1 Bithead

So far I've had no issues with 8.1 och PA-220, not that much traffic passing through it though...

On a couple of PA-850 the only option was to do a downgrade, no SMB traffic worked as intended.

 

Could it be related to certian hardware platforms? What platforms have you experienced problems on?

We have two 3050 's in ha configuration

We have a pair of PA-5060s, and were seriously affected.  Everyone using SMB was unable to do any work for 8 hours. 

Re: Application Override to resolve PAN OS 8.1.0 SMB Issues

 

Does this apply to environments where the Palo Alto firewall provides routing to the local LAN and IPSEC tunnels to remote LANs on internal trusted interfaces where no Security or NAT policies are programmed?

 

If so, which applications need to be overridden to work-around this bug?

 

This is a devastating issue when it occurs.

 

Our work-sround has been to switch the active and passive roles of 2 PA-500 firewalls to reset the routing. This restores LAN and IPSEC tunnel routing for SMB but only works until the problem returns.

The problem should be fixed with 8.1.1 which is scheduled to be released by the end of April. The issue ID is PAN-93016.

 

Thanks.

Jacopo

L1 Bithead

We ran into this issue as well.  I'm really surprised this wasn't noticed during testing.  Creating the application override solved the problem.

  • 2 accepted solutions
  • 24460 Views
  • 32 replies
  • 5 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!