CommitAll jobs to VM Firewalls Timeout and stall at 0%

CommitAll jobs to VM Firewalls Timeout and stall at 0%

1682
Created On 04/25/25 02:07 AM - Last Modified 05/13/25 02:30 AM


Symptom


  • High MP CPU utilization on firewalls.
  • Difficulty accessing firewalls via SSH.
  • Numerous pending jobs on firewalls.
  • CommitAll job stuck at 0% or Timeout.

Environment


  • Panorama managed VM Series Firewalls
  • PAN-OS 10.2.x
  • VM Sizing

Cause


  • Misconfiguration of the virtual machine (VM) sizing.
  • This led to a mismatch with the required CPU allocation for the firewalls.
  • Specifically, the firewalls with 4 CPUs were incorrectly configured with 3 DP and 1 MP CPUs.
  • The optimal performance requires a 2:2 MP:DP CPU ratio, as indicated in the VM Series System Requirements documentation.

Resolution


  1. Adjust the number of MP/DP CPUs on the affected firewalls to a 2:2 ratio.
  2. Refer the relevant Palo Alto Networks documentation customize data plane cores.
> show plugins vm_series dp-cores.  >> View the number of cores
> request plugins vm_series dp-cores 2  >>  Alter the number of dataplane cores

Additional Information


Temporarily removing one of the firewalls from the load balancer can restored SSH access to the affected device.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000blNBKAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language