Very weird PanOS upgrade issue

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Very weird PanOS upgrade issue

L4 Transporter

We have a pair of active passive firewalls on PanOS 9.0.11. We have attempted to upgrade to 9.1.10 4 times out of which 2 times was with tech support. Upgrade seems to cause issue with some linux servers which are critical to us. As an example we have system running Nagios which starts alerting immediately for number of devices. And when we try to ssh from a system we get the user prompt and most of the time we don't see the password prompt and only 1 or 2 times may reach password prompt but authentication fails.


It causes issue between 2 linux servers in the same vlan. The only reason i can think of this night be caused by is that because these are linux boxes authenticate with a DC which is in a different zone. 


Also SSH alone is not the issue, cloud monitoring systems report couple of linux system running some web services down. And an Oracle database fails.


Community Team Member

Hi @raji_toor ,


It would be more helpful if you could share some info on how the traffic is being identified by the FW. 

Are you seeing any drops or strange global_counters acting up ?




LIVEcommunity team member, CISSP
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite


As @kiwi mentioned the information being provided isn't enough to actually help you troubleshoot these issues. When you've attempted these upgrades have you had your interzone-default policy setup to log denied traffic and ensured that you aren't dropping anything due to the upgrade causing the app-id being identified to change? 

When you ran through this with support what did you guys verify post change and what did they identify as possible issues? They should have grabbed a technical support file before letting you revert the upgrade so they at least had a copy of the logs to look through to aid in investigation. I'd also recommend in the next attempt that you ensure you have syslog forwarding setup for all traffic and threat logs so they're being forwarding to something off the device so you can review those as well when stuff isn't actively down. 

After 3 months it seems issue has been identified and using commands in this article resolved the issue with passive firewall. Active will be upgraded and reset in the next outage window.

  • 3 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!