Mobile User commit push is failing at initial deployment

Mobile User commit push is failing at initial deployment

3457
Created On 06/30/24 06:26 AM - Last Modified 09/25/24 22:58 PM


Symptom


  • Mobile user config is completed and commit push initiated.
  • Commit Validation is successful in Panorama or SCM UI but the push never completes and no specific error message given. 
  • After investigation into the backend firewalls, commit push was successful only to some of the deployed gateways. 
  • Rest of the gateways are active but no config was pushed. 

Environment


  • Prisma Access

Cause


  • Most likely cause of these symptoms is when IP pool allocated for Mobile Users is not sufficient for the number of gateways deployed. 

Resolution


Increase the IP pool with a smaller subnet mask. (For example, make it /22 subnet instead of /23.)

Additional Information


  • Prisma Access allocates atleast one /24 subnet for each gateway. 
  • Sometimes, when a single gateway instance is serving multiple regions like India West and India South, it will allocate multiple /24 subnets to the same instance accordingly. 
  • In this specific case, customer deployed 5 gateways but allocated a /23 subnet. /23 subnet provides only two /24 subnets. 
  • This caused 2 gateways to be deployed correctly but commit push failed for the rest of them. 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000ToueCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language