Triage / troubleshooting a hung PA box?

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Triage / troubleshooting a hung PA box?

L3 Networker

I have a PA-2020, I upgraded it to 3.1.4 a week or two ago, and haven't touched it since.  It is not currently live, I just have the mgmt port hooked up as I'm still trying to copy all of my old Sonicwall rules into PA format.

I went to continue working on it today and it is responding to pings, but not SSH or the web interface.  I haven't tried the serial console yet but that's the next thing I'm going to look at.

Is there anything that support could use from me to determine why this happened / what is wrong?  Again it's not even passing traffic yet and there isn't much on there in the way of complexity, so I am completely baffled as to why the unit would be locked/unresponsive.  Smiley Sad


L4 Transporter

You'll want to open a support case for this one. They'll want to tech-support log to determine what happened. I believe this is the command is PAN OS 3.1.4 to generate a tech-support dump from the CLI.

request tech-support dump

It may be an issue with the management server process. You can try restarting the management server with this command:

debug software restart management-server

Oddly, it doesn't even seem to be responding on the serial port.  Are the specs for the cable available somewhere?  I've tried both a Null-modem and a Cisco-style "rollover" cable and those don't work.  (The included cable isn't long enough as I'm trying to avoid sitting in the server room with a laptop.  Smiley Wink)  I have a nice "universal" serial cable that I've built and every device I've ever seen has been null-modem or Cisco cable, with the very rare machine that uses a straight-through connection instead.

I'm not getting any response from any of those three options right now, which leads me to believe maybe the entire management system is hung completely.  Next thing is to break out the laptop and try it using the original PA cable (if I can find it)...

Tried the PA serial cable (it's gray, right?  Found it in a bag with the other cables that came with the system so I think this is the right one), same thing.  No response from the console port.

At this point I guess we can't do much other than reboot the box, but I'm going to try to get support on the line first to confirm what commands (if any) they want me to run to try to troubleshoot the issue.  I tried calling earlier but everyone was out to lunch.  Smiley Happy

That is odd. They had a problem in PAN OS 3.1.3 where the PA-20xx series would just lock up and a reboot would be the only fix, but they said they fixed it in PAN OS 3.1.4.

Very odd indeed.

Yes, I remember seeing that notice re: 3.1.3, which is why I upgraded the box to 3.1.4 not long after it came out.  Smiley Happy

I'm curious whether or not the data ports would still be passing traffic/firewalling right now (i.e. just mgmt is bricked) or if the whole device is hosed right now... but I can't be arsed to screw around with the needed setup on my end to test data flow unless someone really needs me to.  (I'd have to do a lot of IP mucking around on some test machines in order to get flow through the unit since it isn't currently in production and I don't really have a test "lab" per se.)

  • 5 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!