Internet keep disconnect for USERS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Internet keep disconnect for USERS

L0 Member

Hi,

 

We are using PALOALTO since 2 years when we replaced our firewall cisco with paloalto we thought that the things will be normal, but after deploying it we started facing issues frequently. Our main problem is INTERNET DISCONNECTION from the time we deployed PA. last week i have upgrade the PA OS to 10.0.5 from 9.1.6 from the time i upgrade the devices again we started facing the same issue which we use to face at the beginning. and the Support of PA is not good.

 

MY Issue is Internet keep disconnect for every 1 hour some time 30 mints even the PALOALTO support unable to solve the issue.

 

Waiting for reply..

 

Thanks, 

 

5 REPLIES 5

Cyber Elite
Cyber Elite

@AmirKhan 

 

First of all I will recommend you to upgrade to Upgrade to 10.1.0 as 10.0.0 release has some  bugs.

When you say Internet disconnect do you mean Internet connection from your users to Internet or you mean

Global Protect connection?

 

If it is your company Internet connection then i will check the port for physical errors like cable sfp etc first.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.

Cyber Elite
Cyber Elite

@AmirKhan,

To start off with, I absolutely would not recommend installing 10.1.0 in a production environment. That release is literally brand-new, and it's in no way recommend at this time. I would have personally stuck on 9.1 if you were already experiencing issues and just installed 9.1.9 (preferred release), but 10.0.6 works perfectly fine in the majority of environments as well.

When you say that users are disconnected from the internet, what about connections to the rest of your security zones? Is it only internet/untrust traffic that is effected, or is it any traffic traversing the firewall? Have you looked through your traffic logs and verified that this traffic isn't getting denied due to something like the IP losing it's ip-user-mapping and not matching your existing entries (ensuring that you've enabled the interzone-default logging)? 

 

I would personally stop doing major platform updates until you've identified the current issue at hand. 9.1.6, while not the latest supported release in that branch, was perfectly stable enough that you shouldn't have been seeing the firewall just drop users traffic. 

L0 Member

I am also facing this issue with 220, I have 2 ISP's suddently they both get disconnected at the same time for 10min-20- 30 some times it takes 1 hour also but get ping of firewall. I have checked both the ISP's parallely on single PC both are working fine but internet services are barred in Firewall for that time period. I have logged the case already and unable to resolve the issue, its been a month & I have also get the RMA device but facing same issue every time. Support team help me to upgrade the OS & patches but unable to resolve my issue.

Community Team Member

Hi @ashwanig9211 ,

 

Hard to say what's happening with the information provided.

 

I'd start by checking the logs during the timeframe of the outage to identify any sort of failure on the PA side.... also are your packages egressing the FW as expected ? Are you getting any response back ? Are there spikes in traffic or CPU at the time of the outage ? Are your interfaces going down during the outage ? Could the issue be upstream ?

 

I'm sorry but there's just not information to help you. 

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

@ashwanig9211  If you have replaced the firewall then it might be issue with upstream?

You need to ask your ISP to check their side physical port for errors and logs on the ISP device.

 

Regards

MP

Help the community: Like helpful comments and mark solutions.
  • 5190 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!