Firewall 9.1.8 から 10.0.8-h4 へのアップグレード後に応答しなくなります。
12939
Created On 07/15/22 15:40 PM - Last Modified 03/02/23 05:28 AM
Symptom
アップグレード後;
- Firewall の電源がオフになり、接続されている SFP (すべて) が削除されました。
- その後、再び電源を入れ、アクセスできるようになりました。
- アクセスを確認したら、PAN-OSバージョンは予想通り 10.0.8-h4 です。
- しかしfirewallSPF が切断された状態でのみ表示されます。
- コンソール アクセスは次のように表示されます。
Verifying OSS integrity on Dataplane File System (POST) ... FIPS-CC integrity tests - Dataplane oss verification passed Verifying PAN-OS integrity on Dataplane File System (POST) ... Skipping logplane integrity tests on product with no lp * * * * * VERIFY File System Integrity Stage-1 passed * * * * * * * * * * CRYPTO POST Stage-1 begins * * * * * * * * * * CRYPTO POST Stage-1 passed * * * * * * * * * * FIPS-CC Self-Tests Stage-1 passed * * * * * FIPS-CC POST Stage-1 (sw-integrity and crypto tests) passed. * * * * * FIPS-CC Plugin Self-Tests Stage-1 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-1 passed * * * * * Starting Networking: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] Starting rpcbind: [ OK ] Skipping sshd: starting with PAN system processes Starting xinetd: /etc/rc3.d/S56xinetd: line 66: warning: setlocale: LC_TIME: can not change locale (en_US): No such file or directory /etc/rc3.d/S56xinetd: line 67: warning: setlocale: LC_ALL: cannot change locale (en_US) /etc/rc3.d/S56xinetd: line 72: warning: setlocale: LC_ALL: cannot change locale (en_US) /bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US) [ OK ] Starting ntpd: [ OK ] FATAL: Module nfsd not found. FATAL: Error running install command for nfsd Starting NFS services: [ OK ] Starting NFS mountd: [ OK ] Starting NFS daemon: [ OK ] Starting RPC idmapd: [FAILED] Starting PAN Software: * * * * * FIPS-CC Plugin Self-Tests Stage-2 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-2 passed * * * * * cgroup: cgroups_setup (3105) created nested cgroup for controller "blkio" which has incomplete hierarchy support. Nested cgroups may change behavior in the futu re. [ OK ] DE-REG-22443-FW-02 login: Waiting for another core to setup the PKI hardware...D one Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=01, err=-11)! Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=04, err=-11)! Stopping PAN Software: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS mountd: nfsd: last server has exited, flushing export cache [ OK ] Shutting down NFS services: [ OK ] Shutting down RPC idmapd: [FAILED] Stopping xinetd: [ OK ] Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Stopping Networking: Cannot find device "sit0" [ OK ] Starting killall: Stopping crond: [ OK ] Shutting down ntpd: [ OK ] Stopping rpcbind: [ OK ] [ OK ] Sending all processes the TERM signal... Sending all processes the KILL signal... Saving random seed: Syncing hardware clock to system time Turning off swap: Unmounting pipe file systems: Unmounting file systems: Halting system... sd 0:0:0:0: [sda] Synchronizing SCSI cache sd 0:0:0:0: [sda] Stopping disk reboot: System halted
Environment
- PAN-OS 10.0.8-h4
- PA-800 シリーズ Firewall
Cause
PAN-172890
Resolution
へのアップグレードPAN-OS10.0.9 以上