01-13-2022 06:41 PM
PAN-83610
In rare cases, a PA-5200 Series firewall (with an FE100 network processor) that has session offload enabled (default) incorrectly resets the UDP checksum of outgoing UDP packets.
Workaround: In PAN-OS 8.0.6 and later releases, you can persistently disable session offload for only UDP traffic using the set session udp-off load no CLI command.
We did a throughput test with proper test kit before device goes live, when disable the offload the throughput reading degrade significant. So I'm not going for this workaround.
I'm stuck in between EOL PANOS 9.0 and upgrade consume time, I cant risk my client upgrade to 9.1 as potential hit performance issue but upgrade to 10.1 may took up to 8 hours upgrade from 9.0 to 10.1 as reboot after upgrade and connection verification each failover to new version.
Current client using PA 5200 series, how do I check that model network processor is running FE100, as I got the output from system state, based on the output is it that PA 5200 is running on FE100 network processor or is there another command to retrieve the network processor ?
env.s1.thermal.0: { 'alarm': False, 'avg': 32.000, 'core-temp-gryphon-dp': False, 'desc': NP, 'desc-detail': NB - Temperature @ FE100[U92], 'fan-min': 50.000, 'hyst': 3.750, 'i2c-failures-count': 0, 'i2c-failures-status': False, 'ignore-fan-control': False, 'immediate-notify': False, 'max': 70.000, 'min': -5.000, 'notified-avg': 31.800, 'samples': [ 32.000, 32.000, 32.000, 32.000, 32.000, ], 'shutdown': False, 'shutdown-temp': 99.000, }
