Firewall not booting after upgrade to 9.0.7
8143
Created On 04/20/20 21:30 PM - Last Modified 06/09/20 20:40 PM
Symptom
- After upgrading from PanOS 8.1 to 9.0 the dataplane will not come up due to autocommit failures. The following entires are seen in the system log
2020/04/19 14:20:37 high general general 0 Autocommit job failed 2020/04/19 14:20:22 high general general 0 Autocommit job failed 2020/04/19 14:20:07 high general general 0 Autocommit job failed 2020/04/19 14:19:52 high general general 0 Autocommit job failed 2020/04/19 14:19:37 high general general 0 Autocommit job failed
- If you try to perform a commit force you will get this DHCP related error:
pan_dhcpd_interface_mode_init(ae1.2279) failed(Module: dhcpd) ethernetae1.2279 -> relay constraints failed : at least either v4 or v6 relay should be enabled ethernetae1.2279 -> relay is invalid
- The following errors are seen in pan_dhcpd.log
<omitted> Error: pan_dhcpd_parse_server_relay_config(pan_dhcpd_parse.c:476): pan_dhcpd_interface_mode_init(ae1.2279) failed <omitted> Error: pan_dhcpd_parse_config(pan_dhcpd_parse.c:581): error parsing server/relay config
Environment
- PA-5250
- PanOS 9.0.7
- HA
- DHCP Relay enabled on 4 AE interfaces
Cause
In PanOS 9.0 if you configure an interface for DHCP Relay you also have to enter an IPv4 of IPv6 server address.
Resolution
If the DHCP Relay is configured on any interface(s) then either an IPv4 or IPv6 server address needs to be added as follows:
- In the firewall GUI go to Network -> DHCP and click on the DHCP Relay tab
- Click on the first interface on the list
- Under DHCP Server IPv4 address or DHCP Server IPv6 address, click Add
- Add the DHCP server IPv4 or IPv6 address
- Click OK
- Repeat the process for any other interfaces in the list
- Restart the device-server process to trigger an autocommit on the firewall
> debug software restart process device-server