Interfaces associated with AE groups or LACP flap on commit or dynamic content update after PAN-OS upgrade of the firewall cluster

Interfaces associated with AE groups or LACP flap on commit or dynamic content update after PAN-OS upgrade of the firewall cluster

543
Created On 03/20/25 00:26 AM - Last Modified 10/28/25 16:48 PM


Symptom


  • Palo Alto PA-800 series firewall upgraded to 10.1.11 from 10.1.8.
  • After upgrade, some of the copper ports start flapping during commit or dynamic update.
  • System logs report the ports going up after commit process. 
    17:01:41 info ha link-mo 0 HA Group 1: Link group 'Interface-All' link 'ethernet1/6' is up
17:01:41 info ha link-mo 0 HA Group 1: Link group 'Interface-All' link 'ethernet1/1' is up
17:01:41 info ha link-mo 0 HA Group 1: Link group 'Interface-All' link 'ethernet1/3' is up

Environment


  • Palo Alto 800 Series Firewall
  • PAN-OS below 11.1.5, 10.2.14, 11.2.5
  • Copper SFP Optics (PAN-SFP-CG)

Cause


  • Software Issue PAN-246567  and
  • Copper ports configured with duplex and speed settings. The optics does not support the duplex/speed settings and must use "auto".

Resolution


  1. Upgrade the Firewall to the fixed versions of 11.1.5, 10.2.14, 11.2.5 or higher.
  2. Set the speed and duplex settings on the firewall to "auto" .
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000PRNPCA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail