Problem with Panorama commit

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Problem with Panorama commit

L2 Linker
Hello there!


I have a problem when I try to push the commit to Panorama. This commit is added to the queue, but then nothing else happens. The odd thing is that nothing is queued in the firewall queue...


Thanks in advance.
13 REPLIES 13

L0 Member

What software  version are you using?  

It's Panorama version 8.1.6.

So does it FAIL eventually?

Yes, jeremy.larsen, it fails. No error is shown, but the commit is not done. This task appears to be on the queue, but is never done.

Thanks and regards.

I'm confused.  If it is still in the queue, then that sounds like it is hung but never actually fails?  By fail, I mean you get a commit failure in the logs with details about the failure.

I have the same problem!  I'm running 8.0.15 and I've had this issue since upgrading to 8.0 from 7.1.

I only have this issue on firewalls with HA.  I can get the commits to go through after restarting panorama.

My TAC case is about 3 months old at this point.

 

Edit:  I never see the commit hit the firewalls, it stays in queue on the panorama.

You're right, jeremy.larsen, I did not express it right. The commit does not fail, it was simply never made.

 

But good news: this problem was solved after rebooting the device. 🙂

@ebonjour I was to quick answering you without reading that you have already tried rebooting the device. It worked at least for me... Regards.

I'd be curious to see if you pulled a snapshot and reinstalled Panorama from scratch on the same version if this continued to happen.  Perhaps some residual garbage from the upgrade process?  I know that sounds painful.


@Bittereinder wrote:

@ebonjour I was to quick answering you without reading that you have already tried rebooting the device. It worked at least for me... Regards.


If you are having the same problem I am, then the commit queueing will occuring again.  Usually this takes about 5-10 minutes, but sometimes longer.


@jeremy.larsen wrote:

I'd be curious to see if you pulled a snapshot and reinstalled Panorama from scratch on the same version if this continued to happen.  Perhaps some residual garbage from the upgrade process?  I know that sounds painful.


After 3 months of this I would try anything, but this does sound really painful.  The worst part of this is that diffs fail, these actually timeout after 4 minutes and 30 seconds, unlike commits that do not have a failure timer (kinda scary!).

After 4 months I asked for esclation and after a couple days received a request to make a simple change.

Panorama -> Setup -> Logging and Reporting Settings -> Buffered Log Fowarding from Device - enable it.

It took 3 hours to impact one set of HA firewalls and 6 hours another another set.  Not enabling this requires the firewalls ACK every single log sent to Panorama which increases mgmt CPU usage and causes issues like I had. 

 

Not sure if this setting is default in later releases, it should be.  I've had this panorama install since 5.1 and upgraded since then, issue starting happening after upgrading to 8.0.x.

I can confirm this is the default on newer installs.  Here is a screenshot from a new install from a few weeks ago in the lab.  Glad you figured this out!

Capture.PNG

  • 9716 Views
  • 13 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!