"Device Disconnected from the Controller" messages on backup ION after the upgrade to 6.3.2-b5

"Device Disconnected from the Controller" messages on backup ION after the upgrade to 6.3.2-b5

3626

Created On 06/04/24 15:01 PM - Last Modified 06/10/24 23:28 PM

Upgrade

Hardware

Prisma SDWAN (Cloudgenix)

Symptom

GUI we see multiple alerts for the "Device Disconnected from the Controller" for the backup ION.

Screenshot 2024-06-04 at 16.38.20.png

The backup ION is not responding to ARP on the controller port IP address when the active device LAN interface is requesting it.
The MAC address of the backup ION controller interface cannot be resolved by the LAN interface on the primary ION.

# inspect system arp interface=1 | grep 249
10.128.113.249                   (incomplete)                              eth5

ARP entry is not getting resolved on the LAN interface of the primary ION, we see the traffic from the backup ION controller interface towards the LAN interface of the primary ION but do not see SYN packets when we initiate tcpping from the controller interface of the backup ION.

# tcpping controller locator.cgnx.net:443
tcpping dial tcp: lookup locator.cgnx.net: i/o timeout

Environment

Prisma SD-WAN
ION Devices
Version 6.3.2-b5

Cause

This is a defect diagnosed in 6.3.2 causing the backup ION to lose controller connections intermittently after the upgrade.

Resolution

Temporary Fix:

On the active device, add static ARP on the LAN interface for the controller interface of the backup device.
On the backup device, add static ARP on the LAN interface for the controller interface of the active device.

Screenshot 2024-06-04 at 16.52.30.png

Permanent Fix:

Upgrade to version 6.4.1 or 6.3.4.