Dataplane processes restarting when SD-WAN is configured

Dataplane processes restarting when SD-WAN is configured

11523
Created On 09/30/22 12:25 PM - Last Modified 10/04/22 02:40 AM


Symptom


On NGFW deployments where SD-WAN is enabled and meets the following requirements, the dataplane may restart due to an out-of-memory condition.

 

  • PANOS version 10.1.6-h4+ or 10.1.7
  • And, all SD-WAN links down

This could also happen during a device reboot because all SD-WAN tunnels would be down on reboot. 

Reference PAN-201627 in 10.1.7 known issues

Environment


Note: NGFW stands for Next Generation Firewalls 

Cause


  • When EDL/FQDN refresh or configuration commit occurs, the "pan_comm" process creates new child processes as a result.
  • This child process is forked without waiting for the previous child process to END, leading to out of memory condition.

Resolution


Following workarounds can be applied to mitigate this issue
  1. Downgrade to 10.1.6-h3 or earlier
  2. Or, upgrade to the latest 10.2 release as 10.2 is not impacted by this issue.
The Fix in 10.1 release is targeted for 10.1.8.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZJpCAM&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language