08-24-2024 05:27 AM
Hi community
Since about 2 weeks a vm firewall started getting problems with random crashes. Our setup is a firewallcluster but so far the active firewall crashes almost completely silent. At least the firewall does not initiate a failover to the passive node. So far we had about 4 crashes at random times and in one case the firewall crashed "hard" enough that it rebooted and this way the passive firewall took over.
TAC is already analyzing the situation. So far it is still very unclear (and frustrating). It seems to be related to the application cloud engine. This is also the current recommendation / action plan: we should disable the ACE completely for the moment. Obviously we did not buy this subscription for fun - we actively use these additional App-IDs from the SaaS Inline subscription. Disabling this of course will lead to the next issues. These issues will may be no longer be crashes but the traffic control obviously will be restricted.
At this point on one side I wanted to warn you as there seems to be a critical issue in PAN-OS in combination with SaaS Inline and application cloud engine (ACE). As we were told, this issue was introduced in code starting with PAN-OS 10.1. On the other side I wanted to ask if you had similar or the same issue already and if you maybe found a solution/workaround for this already (which was not disabling the feature completely)?
Have a great weekend
Remo
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
