Upgrade to PAN-OS 6.0.4 - a virtual wire did not come up

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Upgrade to PAN-OS 6.0.4 - a virtual wire did not come up

L2 Linker

Hello,

I have a PAN-OS 6.0.2 box that I upgraded to PAN-OS 6.0.4.  I have two vwires: one on interfaces 1/2 and another on 5/6.  The vwire on 5/6 did not come up.  The interfaces are "up" (green) as far as the web gui is concerned. The "Monitor" shows traffic being "allowed" per the appropriate rules.  However, traffic is not flowing.

I have not tried rebooting the device and I don't want to yet... I would like to understand what is broken.  Can anyone offer some advice on how to troubleshoot this?

Thank you,

Chris

6 REPLIES 6

L6 Presenter

Hi Chris,

How did you determine firewall is dropping traffic if its allowed in Traffic log ?

Can you do packet capture on those interfaces to confirm the same. Also check for dropped packets if there is any.

How to Run a Packet Capture

Regards,

Hardik Shah

L7 Applicator

I know this is a little extreme, but have you tried another reboot of the system.

I had a situation with a 5k series last year where a power off and on of one of the connected vwire routers caused those same symptoms for the vwire link.  no other combination of link bouncing on any of the three devices or reboots helped.  We had to reboot the PA to restore the flow.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Steven,

Thank you.  I will reboot as soon as I can and report back.

Chris

Hi Chris,

I would suggest to continue this thread to find root cause of the issue.

Or open a TAC case, if you reboot the device than you will never come to know result.

Regards,

Hardik Shah

L3 Networker

If you have Link Pass Thru enabled on the VWIRE, try disabling to see if the interfaces still show up on the PAN.  It should help during trouble-shooting..  Also, make sure STP on the remote ends is setup correctly, and ensure they enable Portfast if not. Might help if you post information on how the remote ports are configured.

--Felix

L2 Linker

Folks,

Thank you all for your help with this.  The vwire came back up some time after after unplugging and re-plugging the cables (I'm sorry I don't know how long after could have been 1 second or 1 day).

FYI the vwire does have "link pass through" enabled.

In summary:

0. Traffic is flowing on vwire (verified with ping)

1. Upgrade PAN-OS from 6.0.2 to 6.0.4

2. PAN reboots as part of the upgrade

3. Ping (and other tests) confirm traffic is not flowing on vwire

4. PAN vwire is bypassed to get the network up

5. vwire is attached to a "test network"

6. I stupidly do not re-run step 3 (it is a remote site and we were all scrambling to get the net back up...)

7. monitor shows traffic is flowing on the vwire

8. I finally get around to re-running step 3 and it shows that the wire is back up

Chris

  • 4269 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!