07-17-2024 02:47 AM - edited 07-17-2024 02:49 AM
Hi,
We recently upgraded our Palo Alto 1410 Firewall to PAN-OS-11.1.2-h3 from PAN-OS-11.0.4-h1.
After Upgrade there was no incoming traffic from external networks. There were no hits or logs showing incoming traffic.
Internet Outbound traffic was going through normally.
IPSEC VPN tunnels were working normally.
Support team checked and wanted us to downgrade to the previous version.
Is this a bug in PAN-OS 11.1 ?
Has anyone ever faced this issue after PAN-OS upgrades ?
Should we install the base image for 11.1 before we upgrade to 11.1.2-h3?
Any ideas and suggestiions are welcome.
Thanks
Hari
07-18-2024 01:42 AM
Can't say i've encountered this issue before due to a bug, but have seen similar things happen due to ARP issues. have you checked upstream MAC and ARP tables, are arp requests for the public IP of the firewall being replied to when inbound packets arrive, are tables updated accordingly?
you could set up packetcapture and follow global counters to see what is happening on the firewall side, also packewt capture the upstream device and see what's going on
in regards to upgrading: you don't need to install the base image, it just needs to be downloaded for you to be able to install maintenance packages
07-18-2024 02:40 AM
Thanks for the update. We hace asked for support from Palo Alto as well. Once i successfully upgrade our 11.0 image to 11.1 image, will keep you updated on the procedure.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
