06-09-2021 10:42 PM
Hi,
We are using PALOALTO since 2 years when we replaced our firewall cisco with paloalto we thought that the things will be normal, but after deploying it we started facing issues frequently. Our main problem is INTERNET DISCONNECTION from the time we deployed PA. last week i have upgrade the PA OS to 10.0.5 from 9.1.6 from the time i upgrade the devices again we started facing the same issue which we use to face at the beginning. and the Support of PA is not good.
MY Issue is Internet keep disconnect for every 1 hour some time 30 mints even the PALOALTO support unable to solve the issue.
Waiting for reply..
Thanks,
06-12-2021 08:58 PM - edited 06-12-2021 11:49 PM
First of all I will recommend you to upgrade to Upgrade to 10.1.0 as 10.0.0 release has some bugs.
When you say Internet disconnect do you mean Internet connection from your users to Internet or you mean
Global Protect connection?
If it is your company Internet connection then i will check the port for physical errors like cable sfp etc first.
Regards
06-12-2021 09:29 PM
To start off with, I absolutely would not recommend installing 10.1.0 in a production environment. That release is literally brand-new, and it's in no way recommend at this time. I would have personally stuck on 9.1 if you were already experiencing issues and just installed 9.1.9 (preferred release), but 10.0.6 works perfectly fine in the majority of environments as well.
When you say that users are disconnected from the internet, what about connections to the rest of your security zones? Is it only internet/untrust traffic that is effected, or is it any traffic traversing the firewall? Have you looked through your traffic logs and verified that this traffic isn't getting denied due to something like the IP losing it's ip-user-mapping and not matching your existing entries (ensuring that you've enabled the interzone-default logging)?
I would personally stop doing major platform updates until you've identified the current issue at hand. 9.1.6, while not the latest supported release in that branch, was perfectly stable enough that you shouldn't have been seeing the firewall just drop users traffic.
07-09-2023 10:06 PM
I am also facing this issue with 220, I have 2 ISP's suddently they both get disconnected at the same time for 10min-20- 30 some times it takes 1 hour also but get ping of firewall. I have checked both the ISP's parallely on single PC both are working fine but internet services are barred in Firewall for that time period. I have logged the case already and unable to resolve the issue, its been a month & I have also get the RMA device but facing same issue every time. Support team help me to upgrade the OS & patches but unable to resolve my issue.
07-14-2023 01:42 AM
Hi @ashwanig9211 ,
Hard to say what's happening with the information provided.
I'd start by checking the logs during the timeframe of the outage to identify any sort of failure on the PA side.... also are your packages egressing the FW as expected ? Are you getting any response back ? Are there spikes in traffic or CPU at the time of the outage ? Are your interfaces going down during the outage ? Could the issue be upstream ?
I'm sorry but there's just not information to help you.
Kind regards,
-Kim.
07-18-2023 07:36 AM
@ashwanig9211 If you have replaced the firewall then it might be issue with upstream?
You need to ask your ISP to check their side physical port for errors and logs on the ISP device.
Regards
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
