09-22-2021 08:00 AM
We have a pair of active passive firewalls on PanOS 9.0.11. We have attempted to upgrade to 9.1.10 4 times out of which 2 times was with tech support. Upgrade seems to cause issue with some linux servers which are critical to us. As an example we have system running Nagios which starts alerting immediately for number of devices. And when we try to ssh from a system we get the user prompt and most of the time we don't see the password prompt and only 1 or 2 times may reach password prompt but authentication fails.
It causes issue between 2 linux servers in the same vlan. The only reason i can think of this night be caused by is that because these are linux boxes authenticate with a DC which is in a different zone.
Also SSH alone is not the issue, cloud monitoring systems report couple of linux system running some web services down. And an Oracle database fails.
09-23-2021 07:16 AM
Hi @raji_toor ,
It would be more helpful if you could share some info on how the traffic is being identified by the FW.
Are you seeing any drops or strange global_counters acting up ?
Cheers,
-Kiwi.
09-23-2021 06:43 PM
As @kiwi mentioned the information being provided isn't enough to actually help you troubleshoot these issues. When you've attempted these upgrades have you had your interzone-default policy setup to log denied traffic and ensured that you aren't dropping anything due to the upgrade causing the app-id being identified to change?
When you ran through this with support what did you guys verify post change and what did they identify as possible issues? They should have grabbed a technical support file before letting you revert the upgrade so they at least had a copy of the logs to look through to aid in investigation. I'd also recommend in the next attempt that you ensure you have syslog forwarding setup for all traffic and threat logs so they're being forwarding to something off the device so you can review those as well when stuff isn't actively down.
11-17-2021 09:03 PM - edited 11-17-2021 09:04 PM
After 3 months it seems issue has been identified and using commands in this article resolved the issue with passive firewall. Active will be upgraded and reset in the next outage window.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boS5CAI
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
