Knowledge sharing: Troubleshooting and investigating full hard disk and full partitions (logs, config, root, etc.) issues on Palo Alto devices.

When a Palo Alto partition is full, different issues may occur depending on which partition it is. PAN-OS versions 9.1.x and newer have far fewer disk space issues than version 8.1, so upgrading to a newer version may help in many cases.

1. Generally I have seen issues caused by a full disk where HA communication is impacted, the commit operation fails, the GUI is not responsive, and the log correlation process is down, as seen in the masterd log file on the management plane (usually this happens because the log partition, panlogs, is full). After cleaning up the disk space, use "show system software status" / "show system resources" (https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-cli-quick-start/cli-cheat-sheets/cli-cheat-sheet...) to see if the process is still down and, if needed, restart it with "debug software restart process <name of the process>".

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClSjCAK

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClgZCAS

2. If the pancfg partition is full on Palo Alto firewalls or Panorama, you will simply not be able to install new PAN-OS software versions or dynamic updates. In rare cases the GUI can be impacted.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLSJCA4&refURL=http%3A%2F%...

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008V5bCAE&lang=en_US%E2%80%A...

3. When the root partition is full, you can only delete core files or system or process debug logs. If the issue persists, open a TAC case, as they can access the Linux that Palo Alto uses as its core operating system and clean things up from there.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRXCA0

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMznCAG

4. In some rare cases a partition like /dev/shm can be full and a reboot of the firewall could be needed. If the issue is still there, the ultimate solution for non-hardware Palo Alto issues is saving the config to external storage, then doing a factory default reset of the firewall and importing the config again (the TAC does this many times).

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldXCAS

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/firewall-administration/reset-the-firewall...

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRcCAK
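
A triage helper for the four cases above, as an added example that is not part of the original post: it parses the df-style output of "show system disk-space" and maps each nearly full partition to the symptom and next step the post describes. The sample output is constructed, and the /opt/panlogs and /opt/pancfg mount paths and the 90% threshold are assumptions.

```python
import re

# Mount point -> symptom and next step, taken from cases 1-4 of the post.
# Assumption: panlogs and pancfg are mounted under /opt, as in the sample below.
GUIDANCE = {
    "/opt/panlogs": "HA, commit, GUI or log processes may be down; free log space, "
                    "then check 'show system software status'",
    "/opt/pancfg": "PAN-OS software and dynamic update installs will fail",
    "/": "delete core files and debug logs; open a TAC case if it persists",
    "/dev/shm": "a reboot of the firewall could be needed",
}

# Match only the trailing "Use% Mounted-on" columns, so rows that df wraps
# onto a second line (long device names) are still recognised.
USE_AND_MOUNT = re.compile(r"(\d+)%\s+(/\S*)\s*$")

def triage(disk_space_output, threshold=90):
    """Return (mount, use_pct, advice) for partitions at or above threshold."""
    findings = []
    for line in disk_space_output.splitlines():
        m = USE_AND_MOUNT.search(line)
        if not m:  # header or blank line
            continue
        pct, mount = int(m.group(1)), m.group(2)
        if pct >= threshold:
            advice = GUIDANCE.get(mount, "not covered by the post; investigate")
            findings.append((mount, pct, advice))
    return sorted(findings, key=lambda f: -f[1])  # fullest partition first

# Constructed sample, shaped like "show system disk-space" output.
SAMPLE = """\
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       3.8G  3.7G     0 100% /
none            2.0G   60K  2.0G   1% /dev
/dev/sda5       7.6G  3.5G  3.8G  48% /opt/pancfg
/dev/sda6       3.8G  2.6G  1.1G  71% /opt/panrepo
tmpfs           2.0G  247M  1.8G  13% /dev/shm
/dev/sda8        21G   19G  1.1G  95% /opt/panlogs
"""

if __name__ == "__main__":
    for mount, pct, advice in triage(SAMPLE):
        print(f"{mount:<14}{pct:>4}%  {advice}")
```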

 
