Firewall 从 9.1.8 升级到 10.0.8-h4 后变得无响应。
12897
Created On 07/15/22 15:40 PM - Last Modified 03/02/23 05:33 AM
Symptom
升级后;
- Firewall 已关闭电源并移除连接到它的 SFP(任何)。
- 然后它再次通电,我们就可以访问它了。
- 一旦我们访问检查PAN-OS版本是预期的 10.0.8-h4,
- 但是firewall只有断开连接的 SPF。
- 控制台访问显示如下;
Verifying OSS integrity on Dataplane File System (POST) ... FIPS-CC integrity tests - Dataplane oss verification passed Verifying PAN-OS integrity on Dataplane File System (POST) ... Skipping logplane integrity tests on product with no lp * * * * * VERIFY File System Integrity Stage-1 passed * * * * * * * * * * CRYPTO POST Stage-1 begins * * * * * * * * * * CRYPTO POST Stage-1 passed * * * * * * * * * * FIPS-CC Self-Tests Stage-1 passed * * * * * FIPS-CC POST Stage-1 (sw-integrity and crypto tests) passed. * * * * * FIPS-CC Plugin Self-Tests Stage-1 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-1 passed * * * * * Starting Networking: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] Starting rpcbind: [ OK ] Skipping sshd: starting with PAN system processes Starting xinetd: /etc/rc3.d/S56xinetd: line 66: warning: setlocale: LC_TIME: can not change locale (en_US): No such file or directory /etc/rc3.d/S56xinetd: line 67: warning: setlocale: LC_ALL: cannot change locale (en_US) /etc/rc3.d/S56xinetd: line 72: warning: setlocale: LC_ALL: cannot change locale (en_US) /bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US) [ OK ] Starting ntpd: [ OK ] FATAL: Module nfsd not found. FATAL: Error running install command for nfsd Starting NFS services: [ OK ] Starting NFS mountd: [ OK ] Starting NFS daemon: [ OK ] Starting RPC idmapd: [FAILED] Starting PAN Software: * * * * * FIPS-CC Plugin Self-Tests Stage-2 begins * * * * * * * * * * FIPS-CC Plugin Self-Tests Stage-2 passed * * * * * cgroup: cgroups_setup (3105) created nested cgroup for controller "blkio" which has incomplete hierarchy support. Nested cgroups may change behavior in the futu re. [ OK ] DE-REG-22443-FW-02 login: Waiting for another core to setup the PKI hardware...D one Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=01, err=-11)! Failed to deselect the I2C multiplexor (addr=75, val=00, err=-11)! pca954x_select: Failed to select the I2C multiplexor (addr=75, val=04, err=-11)! Stopping PAN Software: [ OK ] Shutting down NFS daemon: [ OK ] Shutting down NFS mountd: nfsd: last server has exited, flushing export cache [ OK ] Shutting down NFS services: [ OK ] Shutting down RPC idmapd: [FAILED] Stopping xinetd: [ OK ] Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Stopping Networking: Cannot find device "sit0" [ OK ] Starting killall: Stopping crond: [ OK ] Shutting down ntpd: [ OK ] Stopping rpcbind: [ OK ] [ OK ] Sending all processes the TERM signal... Sending all processes the KILL signal... Saving random seed: Syncing hardware clock to system time Turning off swap: Unmounting pipe file systems: Unmounting file systems: Halting system... sd 0:0:0:0: [sda] Synchronizing SCSI cache sd 0:0:0:0: [sda] Stopping disk reboot: System halted
Environment
- PAN-OS 10.0.8-h4
- PA-800 系列 Firewall
Cause
PAN-172890
Resolution
升级到PAN-OS10.0.9 或更高版本