This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama managed devices lose configuration

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama managed devices lose configuration

JackTrainor
L1 Bithead

‎08-28-2023 06:52 AM

On two occasions recently my firewalls stopped functioning correctly following a reboot.

The first time affected a single firewall. I restarted the firewall in order to troubleshoot.

The second time was after a software update. Both firewalls were rebooted.

In both cases when the firewalls came back up they wouldn't process traffic correctly until Panorama pushed the config to them. I think that I have read this before in the documentation, but I can't find it again and I need to understand the correct way to manage a reboot.

 

Any help would be appreciated.

0 Likes Likes
1 REPLY 1

PavelK
Cyber Elite
Cyber Elite

‎09-04-2023 04:43 PM

Hello @JackTrainor

 

thanks for posting.

 

An unexpected reboot is most likely caused by a bug / critical issue. This KB: Critical Issues Addressed in PAN-OS Releases has detailed coverage of all critical issues including version with fix / workaround. I would recommend to review it and upgrade to recommended PAN-OS version: Support PAN-OS Software Release Guidance.

 

If you are already running recommended PAN-OS version and still experiencing unexpected reboots, I would recommend to generate TAC support file and open a TAC case. This KB: How to Identify and Troubleshoot a Process that Exited or Restarted in PAN-OS might help you to drill down what process caused reboot / data plane restart.

 

To be honest, I do not think there is any other correct way to reboot firewall than from CLI: "request restart system" and from GUI: Device > Setup > Operations > Reboot Device.

Here is the KB: How to reboot Firewalls in High-Availability Mode how to reboot Firewalls in HA pair.

 

Regarding the last issue you mentioned that Panorama pushed configuration is lost after Firewall reboot, this is not expected. I personally did not come across this issue and not aware of any post reporting this symptom. After the Panorama pushes the configuration, this configuration is local in the Firewall and should survive any reboot or Panorama being unavailable. If this happens again, I would recommend to check below CLI logs to understand what happen before and after the configuration had to be re-pushed from Panorama, however the opening of TAC ticket might be necessary.

 

tail follow yes mp-log ms.log
tail follow yes mp-log devsrv.log

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 617 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks