We recently upgraded our firewall to version 8.1.5 and noticed that SNMP data traffic monitoring stopped working. If we get de SNMP values, we receive this informations:
IF-MIB::ifIndex.9 = INTEGER: 9
IF-MIB::ifDescr.9 = STRING: ethernet1/4
IF-MIB::ifType.9 = INTEGER: ethernetCsmacd(6)
IF-MIB::ifMtu.9 = INTEGER: 1500
IF-MIB::ifSpeed.9 = Gauge32: 100000000
IF-MIB::ifPhysAddress.9 = STRING: 0:86:9c:84:3f:13
IF-MIB::ifAdminStatus.9 = INTEGER: up(1)
IF-MIB::ifOperStatus.9 = INTEGER: up(1)
IF-MIB::ifLastChange.9 = Timeticks: (0) 0:00:00.00
IF-MIB::ifInOctets.9 = Counter32: 0
IF-MIB::ifInUcastPkts.9 = Counter32: 0
IF-MIB::ifInNUcastPkts.9 = Counter32: 0
IF-MIB::ifInDiscards.9 = Counter32: 0
IF-MIB::ifInErrors.9 = Counter32: 0
IF-MIB::ifInUnknownProtos.9 = Counter32: 0
IF-MIB::ifOutOctets.9 = Counter32: 0
IF-MIB::ifOutUcastPkts.9 = Counter32: 0
IF-MIB::ifOutNUcastPkts.9 = Counter32: 0
IF-MIB::ifOutDiscards.9 = Counter32: 0
IF-MIB::ifOutErrors.9 = Counter32: 2293361
Notice the zero ifInOctets and ifOutOctets values.
In the firewall CLI, we get the values:
>show interface ethernet1/4
--------------------------------------------------------------------------------
Name: ethernet1/4, ID: 19
Link status:
Runtime link speed/duplex/state: 100/half/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 00:86:9c:84:3f:13
Operation mode: layer3
Untagged sub-interface support: no
--------------------------------------------------------------------------------
Name: ethernet1/4, ID: 19
Operation mode: layer3
Virtual router default
Interface MTU 1500
Interface IP address: ###.###.###.###/##
Interface management profile: default
ping: yes telnet: no ssh: yes http: no https: yes
snmp: yes response-pages: yes userid-service: yes
Service configured: IKE
Zone: external, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Physical port counters read from MAC:
--------------------------------------------------------------------------------
rx-broadcast 61123
rx-bytes 53526882686
rx-multicast 196
rx-unicast 51082677
tx-broadcast 65
tx-bytes 9766237925
tx-multicast 0
tx-unicast 36211878
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Detailed physical port counters read from MAC:
--------------------------------------------------------------------------------
rx packets 64 bytes 10111961
rx packets 65 to 127 bytes 31737416
rx packets 128 to 255 bytes 2072235
rx packets 256 to 511 bytes 1969770
rx packets 512 to 1023 bytes 2070995
rx packets 1024+ bytes 39427569
collisions 756704
late_collisions 612166
sent_deferred 2304503
sent_multiple 124474
--------------------------------------------------------------------------------
Hardware interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 678602007
bytes transmitted 97658231
packets received 616505
packets transmitted 409213
receive incoming errors 0
receive discarded 0
receive errors 67
packets dropped 0
--------------------------------------------------------------------------------
Logical interface counters read from CPU:
--------------------------------------------------------------------------------
bytes received 678597987
bytes transmitted 97658231
packets received 616438
packets transmitted 409213
receive errors 0
packets dropped 110
packets dropped by flow state check 37
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 1
udp cps 0
sctp cps 0
other cps 0
--------------------------------------------------------------------------------
Is this a known bug?
System Info
show system info
hostname: #############
ip-address: ###.###.###.###
public-ip-address: unknown
netmask: ###.###.###.###
default-gateway: ###.###.###.###
ip-assignment: static
ipv6-address: unknown
ipv6-link-local-address: ###.###.###.###
ipv6-default-gateway:
mac-address: 00:86:9c:84:3f:00
time: Fri Dec 21 13:21:24 2018
uptime: 1 days, 8:58:38
family: 800
model: PA-820
serial: ##############
cloud-mode: non-cloud
sw-version: 8.1.5
global-protect-client-package-version: 4.1.2
app-version: 8108-5218
app-release-date:
av-version: 2834-3344
av-release-date:
threat-version: 8108-5218
threat-release-date:
wf-private-version: 0
wf-private-release-date: unknown
url-db: paloaltonetworks
wildfire-version: 307255-309916
wildfire-release-date:
url-filtering-version: 20181221.20161
global-protect-datafile-version: unknown
global-protect-datafile-release-date: unknown
global-protect-clientless-vpn-version: 0
global-protect-clientless-vpn-release-date:
logdb-version: 8.1.8
platform-family: 800
vpn-disable-mode: off
multi-vsys: off
operational-mode: normal