
Receive errors on all traffic interfaces

Hi guys

I am a bit lost in our own network... We have a PA-820 cluster in active-passive mode. It has been running for maybe 7 months now. Each firewall has 2 uplinks to our 2 core switches and 1 downlink to the access switch (with subcontractor on it).

We noticed around 2 weeks ago that all those 6 ports have had hardware receive errors since we installed them. The downlink ports to the access area have a lot more (292'359 in around 1.5 weeks) than the uplinks (around 9'000). The access area does not communicate that much to outside. The uplinks are single-mode fibre and the downlink normal RJ45. I changed the RJ45 already without any success. The SFPs are from Finisar 1G and should be supported although the firewall does not recognize them (there is no vendor name or vendor part number). However the hardware part shouldn't be the issue as we have the same situation in fibre & copper.

I did some research and packet captures and initially thought it's because of STP frames arriving on the port which count as errors. But after disabling it the counters still increase. So currently I have no non-IP traffic on those interfaces according to the PCAP.

 

I found the following command which shows you recent counters and also drops:

show counter global filter delta yes

When using this command I see the following drops: (also see attachment)

 

name                       value  rate  severity  category  aspect   description
flow_rcv_dot1q_tag_err        23     0  drop      flow      parse    Packets dropped: 802.1q tag not configured
flow_no_interface             23     0  drop      flow      parse    Packets dropped: invalid interface
flow_ipv6_disabled           800    13  drop      flow      parse    Packets dropped: IPv6 disabled on interface
flow_policy_deny            1121    19  drop      flow      session  Session setup: denied by policy
flow_fwd_l3_bcast_drop      5677    98  drop      flow      forward  Packets dropped: unhandled IP broadcast
flow_fwd_l3_mcast_drop       775    13  drop      flow      forward  Packets dropped: no route for IP multicast
flow_fwd_l3_noroute           13     0  drop      flow      forward  Packets dropped: no route
flow_fwd_l3_noarp             11     0  drop      flow      forward  Packets dropped: no ARP
flow_host_service_deny       746    12  drop      flow      mgmt     Device management session denied

 

Does anyone have an idea how I can continue to troubleshoot this?
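One way to summarise the `show counter global filter delta yes` output quoted in the question, as an added example that is not part of the original post: it parses the seven-column table and totals the drop counters per aspect, so the dominant drop path stands out. The function names are hypothetical, and the sample lines are the ones posted above.

```python
from collections import defaultdict

# Counter lines copied from the post above (output of
# "show counter global filter delta yes"); columns are
# name, value, rate, severity, category, aspect, description.
SAMPLE = """\
name value rate severity category aspect description
flow_rcv_dot1q_tag_err 23 0 drop flow parse Packets dropped: 802.1q tag not configured
flow_no_interface 23 0 drop flow parse Packets dropped: invalid interface
flow_ipv6_disabled 800 13 drop flow parse Packets dropped: IPv6 disabled on interface
flow_policy_deny 1121 19 drop flow session Session setup: denied by policy
flow_fwd_l3_bcast_drop 5677 98 drop flow forward Packets dropped: unhandled IP broadcast
flow_fwd_l3_mcast_drop 775 13 drop flow forward Packets dropped: no route for IP multicast
flow_fwd_l3_noroute 13 0 drop flow forward Packets dropped: no route
flow_fwd_l3_noarp 11 0 drop flow forward Packets dropped: no ARP
flow_host_service_deny 746 12 drop flow mgmt Device management session denied
"""

def parse_counters(text):
    """Return one dict per counter row, skipping header, blank and malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 6)  # maxsplit keeps the description's spaces intact
        if len(parts) < 7 or not parts[1].isdigit() or not parts[2].isdigit():
            continue
        name, value, rate, severity, category, aspect, desc = parts
        rows.append({"name": name, "value": int(value), "rate": int(rate),
                     "severity": severity, "category": category,
                     "aspect": aspect, "description": desc})
    return rows

def drops_by_aspect(rows):
    """Total the 'drop' severity counters per aspect, largest first."""
    totals = defaultdict(int)
    for r in rows:
        if r["severity"] == "drop":
            totals[r["aspect"]] += r["value"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def top_counters(rows, n=3):
    """Names of the n drop counters with the highest value in the rate column."""
    drops = [r for r in rows if r["severity"] == "drop"]
    return [r["name"] for r in sorted(drops, key=lambda r: r["rate"], reverse=True)[:n]]

if __name__ == "__main__":
    rows = parse_counters(SAMPLE)
    for aspect, total in drops_by_aspect(rows):
        print(f"{aspect:8} {total}")
    print("highest rate:", ", ".join(top_counters(rows)))
```
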




Hello @tulkas

 

Thanks for posting in LIVEcommunity!

- Could you confirm what devices are connected uplink and downlink to the Firewall?

- My first suspect for non-IP traffic would be anything that arrives on an interface of the Firewall but that the Firewall does not understand. For example CDP, DTP, VTP, PAGP. Have you seen any layer 2 traffic in the packet capture?

 

Kind Regards

Pavel
