Interfaces flapping in Prisma access instances (Remote Network and Mobile Users Gateway)

Interfaces flapping in Prisma access instances (Remote Network and Mobile Users Gateway)

331
Created On 05/09/25 10:05 AM - Last Modified 11/11/25 23:27 PM


Symptom


  • ethernet1/3 bouncing in Remote Networks
    2025/05/09 11:16:45 info     port    ethern link-ch 0  Port ethernet1/3: MAC Up  
    2025/05/09 11:16:45 info     port    ethern link-ch 0  Port ethernet1/3: Up   10Gb/s-full duplex
    2025/05/09 11:16:44 info     port    ethern link-ch 0  Port ethernet1/3: Down Unknown duplex
    2025/05/09 11:11:14 info     port    ethern link-ch 0  Port ethernet1/3: Down 10Gb/s-full duplex
    2025/05/09 10:18:57 info     port    ethern link-ch 0  Port ethernet1/3: MAC Up  
    2025/05/09 10:18:57 info     port    ethern link-ch 0  Port ethernet1/3: Up   10Gb/s-full duplex
    2025/05/09 10:18:56 info     port    ethern link-ch 0  Port ethernet1/3: Down Unknown duplex
    2025/05/09 10:14:45 info     port    ethern link-ch 0  Port ethernet1/3: Down 10Gb/s-full duplex
    2025/05/09 09:57:07 info     port    ethern link-ch 0  Port ethernet1/3: MAC Up  
    2025/05/09 09:57:07 info     port    ethern link-ch 0  Port ethernet1/3: Up   10Gb/s-full duplex
  • interface shows state down
    name                    id    speed/duplex/state            mac address       
    --------------------------------------------------------------------------------
    <omitted for brevity>
    ethernet1/3             18    ukn/ukn/down(power-down)      42:01:64:76:44:5b 

name                id    vsys zone             forwarding               tag    address                                         
------------------- ----- ---- ---------------- ------------------------ ------ ------------------
<omitted for brevity>
ethernet1/3         18    1    trust            vr:default               0      100.118.68.91/18  

- Checking when the interface is up, related connected network is not installed in BGP, as connected networks are not redistributed into BGP

Environment


- Prisma Access
- PANO-OS 10.2.4
- PANO-OS 10.2.10

Cause


  • App Acceleration was introduced on 10.2.8 onwards
  • In Prisma Access service interfaces for App Accel: GPGW ethernet1/2 ; and RN ethernet1/3
  • saas-agent and saas-infra versions add service interfaces in PANOS 10.2.4 even though App Accel is not supported; also in later versions 10.2.10+ even if the customer has no App Accel license the service vNICs are added

Resolution


There is no services affected as the connected routes derived from the service vNICs are not propagated into BGP
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxWrKAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail