Firewall become unresponsive after an upgrade from 9.1.8 to 10.0.8-h4.
12890
Created On 07/15/22 15:40 PM - Last Modified 02/11/23 00:45 AM
Symptom
After the upgrade ;
- Firewall was powered off and SFPs connected to it (Any ) were removed.
- Then it was powered on again and we were able to access it.
- Once we had access checked that PAN-OS version is 10.0.8-h4 as expected,
- But the firewall only comes up with SPFs disconnected.
- Console access shows the following ;
Verifying OSS integrity on Dataplane File System (POST) ... FIPS-CC integrity tests - Dataplane oss verification passed Verifying PAN-OS integrity on Dataplane File System (POST) ... Skipping logplane integrity tests on product with no lp * * * * * VERIFY File System Integrity Stage-1 passed * * * * * * * * * * CRYPTO POST Stage-1 begins * * * * * * * * * * CRYPTO POST Stage-1 passed * * * * * * * * * * FIPS-CC Self-Tests Stage-1 passed * * * * * FIPS-CC POST Stage-1 (sw-integrity and crypto tests) passed. * * * * * FIPS-CC Plugin Self-Tests Stage-1 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-1 passed * * * * * Starting Networking: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] Starting rpcbind: [ OK ] Skipping sshd: starting with PAN system processes Starting xinetd: /etc/rc3.d/S56xinetd: line 66: warning: setlocale: LC_TIME: can not change locale (en_US): No such file or directory /etc/rc3.d/S56xinetd: line 67: warning: setlocale: LC_ALL: cannot change locale (en_US) /etc/rc3.d/S56xinetd: line 72: warning: setlocale: LC_ALL: cannot change locale (en_US) /bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US) [ OK ] Starting ntpd: [ OK ] FATAL: Module nfsd not found. FATAL: Error running install command for nfsd Starting NFS services: [ OK ] Starting NFS mountd: [ OK ] Starting NFS daemon: [ OK ] Starting RPC idmapd: [FAILED] Starting PAN Software: * * * * * FIPS-CC Plugin Self-Tests Stage-2 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-2 passed * * * * * cgroup: cgroups_setup (3105) created nested cgroup for controller "blkio" which has incomplete hierarchy support. Nested cgroups may change behavior in the futu re. [ OK ] DE-REG-22443-FW-02 login: Waiting for another core to setup the PKI hardware...D one Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=01, err=-11)! Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=04, err=-11)! Stopping PAN Software: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS mountd: nfsd: last server has exited, flushing export cache [ OK ] Shutting down NFS services: [ OK ] Shutting down RPC idmapd: [FAILED] Stopping xinetd: [ OK ] Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Stopping Networking: Cannot find device "sit0" [ OK ] Starting killall: Stopping crond: [ OK ] Shutting down ntpd: [ OK ] Stopping rpcbind: [ OK ] [ OK ] Sending all processes the TERM signal... Sending all processes the KILL signal... Saving random seed: Syncing hardware clock to system time Turning off swap: Unmounting pipe file systems: Unmounting file systems: Halting system... sd 0:0:0:0: [sda] Synchronizing SCSI cache sd 0:0:0:0: [sda] Stopping disk reboot: System halted
Environment
- PAN-OS 10.0.8-h4
- PA-800 Series Firewall
Cause
PAN-172890
Resolution
Upgrade to PAN-OS 10.0.9 or higher