Critical system log entry "/mnt/cdrom is mounted as Read-Only"

• On PAN-OS 10.2.x and above, system logs (show log system) report /mnt/cdrom mounted as read-only.

critical general        general 0  /mnt/cdrom is mounted as Read-Only

• The output of show system disk-space also shows the /mnt/cdrom partition as 100%.

>show system disk-space 
...
/dev/sr0        358K  358K     0 100% /mnt/cdrom

• Palo Alto VM based Firewalls
• PAN-OS 10.2 and above
• KVM Hypervisor

• This partition is seen when a firewall is bootstrapped on KVM Hypervisor as per the document Bootstrap the VM-Series Firewall on KVM .
• The “CD-ROM” partition is only used while bootstrapping. So the critical error in system log can be ignored.

Workaround (available on many hypervisors - not all): 

1. Go to your virtualization platform (e.g. VMWare vSphere) for the impacted VM
2. Change the CD-ROM settings to client device instead of datastore ISO file (uncheck the iso from the KVM).
3. Restart the VM.

Resolution: 

1. Issue will be addressed in the upcoming releases as part of PAN-246034 - Currently Issue has been addressed in firmwares 11.2.0, 11.1.3, 10.2.11, 11.0.7, 12.1.0
2. As a part of fix, the critical errors are removed from system log.

• If you are not directly managing this virtual machine, contact your hosting provider who is managing this virtual machine to request this change.
• This log/output is not considered a cause for concern. It will not affect the traffic or the Firewall and won't be harming anything in production. It is just a CD-ROM setting.
• The critical alert is generally seen as when the partition space reaches the threshold, the firewall detects it as a critical alert as it does for other similar alerts like high disk space.