03-14-2025 03:21 AM
Hello,
We upgraded our Palo Alto VM to 11.1.6-h1. After the upgrade, the monitoring system gave us a warning about errors increasing on the firewall interfaces, but the clients did not report any issues, so it's not affecting them at all.
This is what I see on one of them:
admin@paloaltoVM(active)> show interface ethernet1/5
--------------------------------------------------------------------------------
Name: ethernet1/5, ID: 20
Link status:
Runtime link speed/duplex/state: 10000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 00:50:56:bb:70:46
Interface Type :
Port Type: RJ45
Capability : auto, 10Mb/s-half, 10Mb/s-full, 100Mb/s-half, 100Mb/s-full, 1Gb/s-half, 1Gb/s-full, 10Gb/s-half, 10Gb/s-full, 25Gb/s-half, 25Gb/s-full, 40Gb/s-half, 40Gb/s-full, 100Gb/s-half, 100Gb/s-full
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/5, ID: 20
Operation mode: layer3
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
Proxy protocol: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 0
rx-bytes 99002301342
rx-multicast 0
rx-unicast 296263734
tx-broadcast 0
tx-bytes 73349693608
tx-multicast 0
tx-unicast 179267739
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
mac receive error 55574672
--------------------------------------------------------------------------------
Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 99002321016
bytes transmitted 73341214170
packets received 296263835
packets transmitted 179267891
receive incoming errors 55574672
receive discarded 0
receive errors 55574672
packets dropped 0
--------------------------------------------------------------------------------
Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 35020249
bytes transmitted 0
packets received 97009
packets transmitted 0
receive errors 0
packets dropped 97009
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------
Where should I start to troubleshoot this?
I didn't find any known issue in PAN-OS 11.1.0 related to this behavior.
Regards,
Francesco
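A section-aware way to compare two snapshots of the counters shown in the post above, added here as an example and not part of the original thread or of Palo Alto's tooling: `receive errors` appears under both the hardware and the logical block with different values, so the parser keys counters by section. The second snapshot and the helper names (`parse_counters`, `error_growth`) are constructed for illustration.

```python
import re

HW = "Hardware interface counters read from CPU"
LOGICAL = "Logical interface counters read from CPU"

# Constructed sample: abbreviated snapshot in the layout of the posted output.
# SNAP_T0 uses the posted values; SNAP_T1 is invented to show counter growth.
SNAP_T0 = """\
Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
packets received                         296263835
receive errors                           55574672
--------------------------------------------------------------------------------
Logical interface counters read from CPU:
--------------------------------------------------------------------------------
packets received                         97009
receive errors                           0
packets dropped                          97009
"""
SNAP_T1 = SNAP_T0.replace("296263835", "296273835").replace("55574672", "55576672")

def parse_counters(text):
    """Return {section: {counter: int}} so same-named counters stay separate."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"-"}:       # blank or separator line
            continue
        if line.endswith(":") and "counters" in line:
            current = sections.setdefault(line[:-1], {})
            continue
        m = re.match(r"(.+?)\s+(\d+)$", line)     # "<name> <integer>"
        if m and current is not None:
            current[m.group(1)] = int(m.group(2))
    return sections

def error_growth(before, after, section=HW):
    """Receive-error and packet deltas between two snapshots of one section."""
    b, a = parse_counters(before)[section], parse_counters(after)[section]
    d_err = a["receive errors"] - b["receive errors"]
    d_pkt = a["packets received"] - b["packets received"]
    if d_err < 0 or d_pkt < 0:
        raise ValueError("counters decreased: cleared or rebooted between snapshots")
    return {"errors": d_err, "packets": d_pkt, "increasing": d_err > 0}
```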
03-22-2025 02:00 AM
I had a similar issue, and my issue was resolved by adjusting the MTU and MSS values of the interface reporting the issue.
Use the CLI command to work out the MTU value:
ping do-not-fragment no size 1350 source x.x.x.x host 1.1.1.1
---------------------------------------
MTU size too large
ping do-not-fragment no size 1360 source x.x.x.x host 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from x.x.x.x : 1360(1388) bytes of data.
From 127.130.1.254 icmp_seq=1 Frag needed and DF set (mtu = 1360)
1368 bytes from 1.1.1.1: icmp_seq=2 ttl=56 time=3.99 ms
-----------------------------------------
MTU size OK
ping do-not-fragment no size 1350 source x.x.x.x host 1.1.1.1
PING 1.1.1.1 (1.1.1.1) from x.x.x.x : 1350(1378) bytes of data.
1358 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=2.60 ms
1358 bytes from 1.1.1.1: icmp_seq=2 ttl=56 time=2.96 ms
03-24-2025 01:07 AM
Hi Justin,
I'll try this workaround, but I can't do it at any time since this VM is in production.
I have even opened a case with support.
Regards