04-30-2025 09:00 AM
We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC
Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts. Neiither the GUI or SSH works - it just times out. Seeing how its in FIPS-CC mode the console port is turned off so I could not test access via console.
The standby firewall allows you to log into it just fine.
I pulled the primary firewall and turned it off for a day or 2. When I turned it back on, you could log into it but that only lasted a few days and the issue returned.
One item I noticed is the Management plane had a very high CPU - normally between 60-80%. I'm not sure if there is a runaway process that eventually kills the Management plane?
Has anyone had this issue? If so what did you do to remediate it - maybe turn something off or an OS version?
Thanks,
05-01-2025 03:04 AM
Your PA-440 firewall running PAN-OS 11.1.6-h3 in FIPS-CC mode is experiencing high CPU usage on the management plane, leading to login issues. Some users have reported similar problems, and rolling back to PAN-OS 11.1.4-h1 helped stabilize performance.
@sos66sos wrote:
We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC
Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts. Neiither the GUI or SSH works - it just times out. Seeing how its in FIPS-CC mode the console port is turned off so I could not test access via console.
The standby firewall allows you to log into it just fine.
I pulled the primary firewall and turned it off for a day or 2. When I turned it back on, you could log into it but that only lasted a few days and the issue returned.
One item I noticed is the Management plane had a very high CPU - normally between 60-80%. I'm not sure if there is a runaway process that eventually kills the Management plane?
Has anyone had this issue? If so what did you do to remediate it - maybe turn something off or an OS version?
Thanks,
05-06-2025 12:42 AM
Hi @sos66sos ,
It does indeed sound like you're running into a memory leak issue where a certain process takes hold of all the resources over time and rendering the device unresponsive.
If you generate a tech support file you should be able to check the resources over time and especially at the time you're experiencing the issue. Check for a process that hogs all the resources.
A workaround would be to restart said process, there should be a cli command to restart the appropriate process.
11.1.6-h3 is currently the preferred release in this OS train. So you might want to submit the TSF to support for analysis.
Submitting your TSF will confirm if you're hitting a known bug or if you're hitting a different issue.
Kind regards,
-Kim.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
