Best Practice Guide for Data Collection while opening a Palo Alto Networks support case for Firewall products
Created On 07/02/21 03:35 AM - Last Modified 03/17/22 20:07 PM
Environment
- Firewall platform (physical or virtual).
- Any PAN-OS.
Resolution
NOTE: Apply N/A wherever necessary.
1. Issue Details
Q1. What is the nature of the issue? (e.g. traffic on custom port 1556 not working for some users)
Q2. Is the issue currently impacting business operations?
Q3. What confirmed indicators associated with the issue can be shared?
Q4. Is the issue observed for any specific application/protocol or is it observed for all applications/protocols?
2. Environment Specifics
Q5. Is this a new configuration/deployment or an existing one?
Q6. If existing, have any changes been made to the existing setup recently which could have caused this issue?
Q7. Is the issue observed in a particular environment? (e.g. Prod Firewall but not on Dev Firewall)
Q8. Is the issue impacting one user, multiple users, a group of users or all users?
Q9. What is the machine model and OS version of affected users? (e.g. macOS Catalina, version 10.15)
Q10. What is the affected device model and OS version? (e.g. PA-3220 running PAN-OS version 9.0.12)
3. Timeline Details
- Share the following details in the time zone of the device or platform.
- E.g. if the device is running in the AEST time zone, the following details should be shared in AEST.
Q12. What is the exact date and time of the first occurrence of this issue? (e.g. Saturday, 3rd July, 8am AEST)
Q13. What is the exact date and time of the last occurrence of this issue?
Q14. Is the issue intermittent or continuous in nature?
Q15. Does the issue occur for a particular duration or during a particular time frame of the day?
Q16. Is the issue still present or was it a one-time occurrence?
4. Topology Diagram
- While a complete topology of the network or infrastructure is not required, it is important for us to understand the location of the device or platform in reference to the impacted host(s).
- A simple line diagram or network topology attached to the case can suffice, or it can be replaced with a concise written description of the topology.
5. Data from Device
I. Tech Support File (TSF)
- Generate and Download the TSF of the affected device using the WebGUI or the CLI.
- Upload the TSF in the support case for review.
- How to Generate and Upload a Tech Support File Using the WebGUI and CLI
NOTE: Generate a new TSF of the device after the issue has occurred.
II. Packet Captures
- Attach any packet captures collected while the issue is occurring.
- How to collect packet captures: Getting Started: Packet Capture
III. Global Counters
- While packet captures help in capturing drops and other packet behavior on the device, Global Counters help in isolating the issue and highlighting the reason behind any drops, errors or warnings.
- Most often, the following command output is sufficient to narrow down the issue.
(Run this command 10 - 15 times within an interval of 1 second when the issue is occurring)
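A way to review the repeated counter samples before attaching them to the case, as an added example that is not part of the original article or Palo Alto Networks code. It assumes each sample was saved as text in a name/value/rate/severity/category/aspect/description table and that the value column is the change since the previous sample; the sample text and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample output (not from a real device). Assumed layout per row:
# name, value, rate, severity, category, aspect, description; value is assumed
# to be the change since the previous sample.
HEADER = ("Global counters:\nElapsed time since last sampling: 1.0 seconds\n\n"
          "name value rate severity category aspect description\n" + "-" * 60 + "\n")
SAMPLES = [
    HEADER + "pkt_recv 420 415 info packet pktproc Packets received\n"
             "flow_policy_deny 6 5 drop flow session Session setup: denied by policy\n"
             "flow_tcp_non_syn_drop 2 1 drop flow session Packets dropped: non-SYN TCP\n",
    HEADER + "pkt_recv 398 397 info packet pktproc Packets received\n"
             "flow_policy_deny 4 3 drop flow session Session setup: denied by policy\n",
    HEADER + "pkt_recv 405 404 info packet pktproc Packets received\n"
             "flow_policy_deny 7 6 drop flow session Session setup: denied by policy\n"
             "flow_fwd_l3_noarp 1 0 drop flow forward Packets dropped: no ARP\n",
]

ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(info|drop|warn|error)\s+(\S+)\s+(\S+)\s+(.*)$")

def parse_sample(text):
    """Return {counter: (value, severity, description)} for one saved output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # banner, column header and separator lines do not match
            rows[m.group(1)] = (int(m.group(2)), m.group(4), m.group(7).strip())
    return rows

def summarize(samples, severities=("drop", "warn", "error")):
    """Aggregate non-info counters over all samples, most persistent first."""
    stats = defaultdict(lambda: {"seen": 0, "total": 0, "severity": "", "description": ""})
    for text in samples:
        for name, (value, sev, desc) in parse_sample(text).items():
            if sev in severities and value > 0:
                s = stats[name]
                s["seen"] += 1
                s["total"] += value
                s["severity"], s["description"] = sev, desc
    return sorted(stats.items(), key=lambda kv: (-kv[1]["seen"], -kv[1]["total"]))

if __name__ == "__main__":
    for name, s in summarize(SAMPLES):
        print(f"{name:24} {s['severity']:5} seen {s['seen']}/{len(SAMPLES)} "
              f"total {s['total']:4}  {s['description']}")
```

A counter that appears in every sample taken during the issue is a stronger lead than one that appears once, which is why the summary sorts by how many samples it was seen in.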
IV. GlobalProtect Client (If applicable)
6. Additional Information
Q17. Are there any third-party elements or resources involved in this issue?
Q18. Are other parties already involved in or briefed on this issue?