Management, HA1-A and/or HA1-B ports fail to come up on booting PA-5400 series Firewall.
5221
Created On 12/19/23 01:24 AM - Last Modified 05/30/24 21:42 PM
Symptom
- On booting PA-5400 series devices, management and/or HA Ports flap repeatedly.
- System logs (show log system) reports these flap.
15:33:20 info ha ha1-lin 0 HA1-Backup link up
15:33:21 high ha ha1-lin 0 HA1-Backup link down
15:33:40 info ha ha1-lin 0 HA1 link up
15:33:41 critical ha ha1-lin 0 HA1 link down
15:33:47 info ha ha1-lin 0 HA1 link up
15:33:48 critical ha ha1-lin 0 HA1 link down
15:33:53 info ha ha1-lin 0 HA1 link up
- Messages file (/var/log/messages) in the "techsupport" file also report these flaps.
> /var/log/messages
5400 klogd: [ 600.837758] i40e 0000:17:00.0 eth4: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
5400 klogd: [ 601.096055] i40e 0000:17:00.0 eth4: NIC Link is Down
5400 klogd: [ 601.355380] i40e 0000:17:00.1 eth5: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
5400 klogd: [ 601.615206] i40e 0000:17:00.1 eth5: NIC Link is Down
5400 klogd: [ 607.688873] i40e 0000:17:00.0 eth4: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
5400 klogd: [ 607.947611] i40e 0000:17:00.0 eth4: NIC Link is Down
5400 klogd: [ 620.565057] i40e 0000:17:00.1 eth5: NIC Link is Up, 1000 Mbps Full Duplex, Flow Control: None
Environment
- PA-5400 series Firewalls
- Supported PAN-OS
- 1Gbps copper SFP module
Cause
SFP optic issue.
Resolution
- Use approved copper optics FCLF8521P2BTL instead of non working FCLF8522P2BTL.
- Another workaround is to use approved fiber optic SFP optics and cables.