Hello,

We had a similar case for 3 devices: a problem with rcv_fifo_overrun counters increasing on the external interface directly connected to the ISP router. The devices were on PAN-OS 8.1.5 and 8.0.12, model PA820.

First we thought the problem might be due to a high packet burst that the device can't handle properly, so it simply drops the packets. We also suspected the PAN-104116 leak, and another thought was that the device could simply be too busy and drops the packets that it can't handle. The leak was fixed in 8.1.5 and we tried the upgrade path, which didn't help in the end. Then, when we noticed that 2 more devices (same model, PA820) had the same problem, we logged the case with PA TAC.

Upon troubleshooting, the engineer provided some more insight based on past experience:

Data receive buffer overrun is only an indication of ingress traffic bursts on the Marvell switch port (firewall DP ports). rcv_fifo_overrun errors suggest that the Marvell (PA's switch backplane) was experiencing a buffer shortage: the switch port on the Marvell fabric is receiving more frames than can be managed, and this can be related to a bursty traffic pattern. Errors can only be found on Marvell external ports (phy ports, RJ45) and not between internal chipsets (from Marvell ---> dataplane processor). The buffer size cannot be changed/adjusted.

> debug dataplane internal pdt marvell stats

What we are interested in is UL1 and UL2 (uplinks to the Octeon processor), and they appear to be good, in all of them indicating that the Marvell is not sending pause frames or any recv errors caused by hardware. Also, the traffic rate in my case, for that particular device, was above 20K pps.

Rcv_fifo_overrun is expected/normal during a bursty traffic pattern and it's not an issue on the firewall. It is a problem only when the traffic rate is low: if this counter increases even with a reasonable amount of traffic, then it needs investigation.

Also, this doesn't have relevance to packet-descriptor depletion or a leak, as I had originally thought with reference to PAN-104116, because PD is a DP component and "rcv_fifo_overrun" is a drop stage in the Marvell, even before the packet makes it to the DP. In my case, from the TAC perspective, there is not much we can do.

Kind Regards,
Eli
Hello,

My colleague actually encountered a similar problem. She was upgrading from 7.0.1 to 7.1.19, and the issue was with getting the 7.1 base version onto a pa200 using the GUI; the operation ended up with "upload file size exceeded system limit".

Workaround: use the CLI (tftp/scp) to upload the 7.1.0 image to the firewall and then proceed with the upgrade as usual. It was tested on a couple of pa200s and solved the problem; apparently this is a known bug in 7.0.x.

Hope that helps someone. Thanks.
You can't change that value, I am afraid, at least not by yourself. It is possible, however, that in critical cases a Palo Alto TAC engineer can do it for you by accessing the root shell, but most likely they will advise you to review your policy. Having over 2,5k objects on your 5k firewall is not a good idea; keep in mind that with time that number will increase.
As far as I know it can cause problems with memory usage, depending on the PAN-OS version. Another thing is that if that value gets changed, it will go back to the default setting when you upgrade or reset PAN-OS.