Standby firewall restarting on 11.0.4-h1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Standby firewall restarting on 11.0.4-h1

L1 Bithead

Upgraded my 5250 firewall pair last week to 11.0.4-h1 for CVE-2024-3400.  Since then, have seen my secondary/standby firewall reboot twice over the course of a week after a error of "HA Group 52: Dataplane is down: too many children exited".  This never happened prior to this release.

 

I am currently working with support, just waiting on a response.  Also noticed today that they released 11.0.4-h2.

 

PAN-252744
(PA-3200 Series, PA-5200 Series, and PA-7000 Series firewalls) Fixed an issue where upgrading the firewall to PAN-OS 11.0.4 or PAN-OS 11.0.4-h1 caused the firewall to go into a non-functional state.

 

Just curious if anyone else is having these kinds of issues....or did I win the "crash lottery"?   Has anyone upgraded to 11.0.4-h2 yet?

6 REPLIES 6

Community Team Member

Hi @Smithm ,

 

Sorry to read you are experiencing these issues! I hope you can get this resolved soon. Please share any guidance you receive from support. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Hi Jay,

 

In working with TAC, we'll be loading 11.0.3-h10 tonight during our maintenance window to see if it helps with the HA2 links crashing.  Fingers crossed.  🙂

L1 Bithead

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCcXCAW&lang=en_US%E2%80%A...

The article will explain what is happening, currently experiencing the same issue with version 11.0.4-h2 on PA5220.

Need to Power cycle the device (non-fucntional device) only fix currently available.

Ryan Chalmers
Support Engineer

Hey @Smithm 

 

Did the issue resolve after upgrading to 11.0.3-h10 ?.

We are also facing the same issue in 11.0.3-h10.

 

Thanks and Regads

Satya Kalyan

L1 Bithead

So TAC advised us to upgrade to 11.2.0, 11.1.5, or 11.0.7 to fix this issue.

TAC notes the issue you are seeing below > Continuous crashes caused the HA to go to Not-Functional State

"This is the internal known jira PAN-249548 (PA-5220 | Data Plane failure after PAN-OS upgrade) TAC have not published this"

Ryan Chalmers
Support Engineer

We went backwards from 11.0.4-h1 to 11.0.3-h10 and it resolved our issue. 

  • 2187 Views
  • 6 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!