Anybody who installed PAN-OS 8.1 on his Palo Alto firewall (we use the PA-220 in quite some numbers) may have experienced some strange behaviour if file shares connected through IPsec tunnels use SMB. So did I.
With the latest firmware upgrade, no write or read jobs through any of these VPN tunnels succeeded. The mapped drives lit up in the file explorer. In some cases even browsing directories may have succeeded, perhaps even two or three levels down. Then the explorer started to hang or crashed, and some systems even blue screened. Copied files perhaps showed up in the destination with a filename, i.e. a directory entry, but no content ever showed up.
Since we updated the Microsoft world on top, the assumption was that some backward compatibility stack or group policy setting may have caused the headache. Many
Although I’m still a big fan of the Palo Alto firewall family, there are some things which really feel strangely disturbing. Nothing functional, otherwise I wouldn’t be as convinced, but in terms of administration. The most advanced network security device is better managed by web interface, something that gives every network guru goosebumps on his neck.
It is all the worse if the web interface hangs and you need to use the unfamiliar command line interface. Whereas many vendors simply follow SNMP logic and somehow end up with something similar to the industry standard context setup, the PAN-OS CLI feels strangely different.
Here are your survival commands to make login on the web interface work again:
Have you rebooted the system?
    request restart system
Did you restart the management service?
    debug software restart process management-server
Did you check the file system and free space?
    show system disk-space
In case you need to delete crash dumps or free space anyway:
    delete debug-log mp-log file *
And finally, if the system still does not respond due to hanging commits:
    commit force
This list is far from complete, but after experiencing one software version which filled up the root file system after failed content updates and locked the admins out of the web interface, combinations of these commands helped to make the firewall accessible again.
To be fair, this was a one-time error in three years of running twelve of these boxes; nevertheless it felt quite uncomfortable.
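To catch a filling root file system before it locks anyone out, the output of show system disk-space can be saved and checked off-box. The following is an added example, not part of the original post: it assumes the command prints a df-style table, and the sample output, function names and 85% threshold are constructed for illustration.

```python
"""Flag nearly full filesystems in saved `show system disk-space` output."""

# Constructed sample, assuming the df-style table the command prints.
SAMPLE_OUTPUT = """\
Filesystem      Size  Used Avail Use% Mounted on
/dev/root       3.8G  3.7G   12M 100% /
none            2.0G   60K  2.0G   1% /dev
/dev/mmcblk0p5   12G  3.2G  7.6G  30% /opt/pancfg
/dev/mmcblk0p6  3.8G  3.1G  540M  86% /opt/panrepo
tmpfs           2.0G  247M  1.8G  13% /dev/shm
"""


def parse_disk_space(text):
    """Return a list of (mount_point, use_percent) from df-style output."""
    rows = []
    pending = None  # device name when a long device wraps onto its own line
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Filesystem":
            continue  # blank line or table header
        if len(fields) == 1:
            pending = fields[0]  # wrapped row: device alone on this line
            continue
        if pending is not None and len(fields) == 5:
            fields = [pending] + fields  # rejoin the wrapped row
        pending = None
        if len(fields) < 6 or not fields[4].endswith("%"):
            continue  # not a table row (prompt, banner, ...)
        try:
            pct = int(fields[4].rstrip("%"))
        except ValueError:
            continue
        rows.append((" ".join(fields[5:]), pct))
    return rows


def filesystems_over(text, threshold=85):
    """Mount points at or above threshold percent used, fullest first."""
    hits = [(m, p) for m, p in parse_disk_space(text) if p >= threshold]
    return sorted(hits, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for mount, pct in filesystems_over(SAMPLE_OUTPUT):
        print(f"WARNING: {mount} is {pct}% full")
```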