UDP sessions stuck after recovering from failover

Created On 01/30/26 10:14 AM - Last Modified 01/30/26 22:29 PM


Symptom


  • UDP traffic is not forwarded over the main link after the primary link recovers.
  • The main egress interface is ignored.
  • The path change can come from a PBF rule or from a route change (triggered by OSPF, BGP, etc.).


Environment


  • Any PAN-OS
  • Dual Homed configuration.


Cause


When the primary link goes down, traffic shifts to the backup link. When the primary link recovers, ongoing traffic keeps flowing via the backup link.
This has been addressed under PAN-289405.



Resolution


  1. The issue has been addressed under PAN-289405.
  2. The solution is to upgrade to one of the following versions or higher:
    - 11.2.8, 12.1.2, 12.2.0, 11.1.11, 10.2.17, 11.1.14, 11.2.7-h4, 11.1.6-h21, 11.1.10-h7, 10.2.10-h28.
  3. After the upgrade, run the CLI command "set session no-refresh-on-discard yes".
  4. The default value is no (disabled). Once it is set, a reboot is recommended. The command is persistent across reboots.
  5. The setting can be observed in the output of the "show session info" command.
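
The following is an added example, not Palo Alto Networks code, for checking an inventory of running PAN-OS versions against the fixed-release list in step 2. It assumes that "or higher" means a later maintenance release in the same X.Y train, or a later hotfix of the same maintenance release; trains that are not in the list return None. The hostnames and inventory are constructed.

```python
import re

# Fixed releases for PAN-289405, copied from the list in this article.
FIXED = ["11.2.8", "12.1.2", "12.2.0", "11.1.11", "10.2.17", "11.1.14",
         "11.2.7-h4", "11.1.6-h21", "11.1.10-h7", "10.2.10-h28"]

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse(version):
    """Split 'X.Y.Z' or 'X.Y.Z-hN' into ((X, Y), Z, N); N is 0 without a hotfix."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return (int(major), int(minor)), int(maint), int(hotfix or 0)


def has_fix(version, fixed=FIXED):
    """Return True, False, or None (release train not in the article's list)."""
    train, maint, hotfix = parse(version)
    same_train = [(m, h) for t, m, h in map(parse, fixed) if t == train]
    if not same_train:
        return None  # the article says nothing about this train
    for fixed_maint, fixed_hotfix in same_train:
        # Assumption: any release at or above a listed base release has the fix.
        if fixed_hotfix == 0 and maint >= fixed_maint:
            return True
        # Assumption: a listed hotfix only covers later hotfixes of the same X.Y.Z.
        if fixed_hotfix and maint == fixed_maint and hotfix >= fixed_hotfix:
            return True
    return False


def audit(inventory):
    """Map each host to the has_fix() result for its running version."""
    return {host: has_fix(version) for host, version in inventory.items()}


# Constructed sample inventory: hostname -> running PAN-OS version.
INVENTORY = {"fw-a": "11.1.10-h7", "fw-b": "11.1.10-h6",
             "fw-c": "10.2.16", "fw-d": "11.0.4"}

if __name__ == "__main__":
    for host, fixed in audit(INVENTORY).items():
        state = {True: "has fix", False: "needs upgrade", None: "train not listed"}
        print(f"{host}: {INVENTORY[host]} -> {state[fixed]}")
```

A True result only means the release contains the fix; the "set session no-refresh-on-discard yes" setting from step 3 still has to be enabled on that firewall.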


Additional Information


UDP sessions stuck after failover (set session teardown-upon-fwd-zonechange yes)


