Prisma SD-WAN
Event Category-Device
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
- Prisma SD-WAN Key Elements
- Prisma SD-WAN Releases and Upgrades
- Use Copilot in Prisma SD-WAN
- Prisma SD-WAN Summary
- Prisma SD-WAN Application Insights
- Device Activity Charts
- Site Summary Dashboard
- Prisma SD-WAN Predictive Analytics Dashboard
- Prisma SD-WAN Link Quality Dashboard
- Prisma SD-WAN Subscription Usage
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Secure Group Tags (SGT) Propagation
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure Secure SD-WAN Fabric Tunnels between Data Centers
- Configure a Site Prefix
- Configure Ciphers
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Sub-Interface
- Configure a Loopback Interface
- Add and Configure Port Channel Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure an OSPF in Prisma SD-WAN
- Enable BGP for Private WAN and LAN
- Configure BGP Global Parameters
- Global or Local Scope for BGP Peers
- Configure a Route Map
- Configure a Prefix List
- Configure an AS Path List
- Configure an IP Community List
- View Routing Status and Statistics
- Distribution to Fabric
- Host Tracking
-
- Configure Multicast
- Create, Assign, and Configure a WAN Multicast Configuration Profile
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
-
- Prisma SD-WAN Branch HA Key Concepts
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Configure HA Groups
- Add ION Devices to HA Groups
- Edit HA Groups and Group Membership
- Prisma SD-WAN Clarity Reports
-
-
CloudBlade Integrations
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- clear app-engine
- clear app-map dynamic
- clear app-probe prefix
- clear connection
- clear device account-login
- clear dhcplease
- clear dhcprelay stat
- clear flow and clear flows
- clear flow-arp
- clear qos-bwc queue-snapshot
- clear routing
- clear routing multicast statistics
- clear routing ospf
- clear routing peer-ip
- clear switch mac-address-entries
- clear user-id agent statistics
-
- arping interface
- curl
- ping
- ping6
- debug bounce interface
- debug bw-test src-interface
- debug cellular stats
- debug controller reachability
- debug flow
- debug ipfix
- debug log agent eal file log
- debug logging facility
- debug logs dump
- debug logs follow
- debug logs tail
- debug performance-policy
- debug poe interface
- debug process
- debug reboot
- debug routing multicast log
- debug routing multicast pimd
- debug servicelink logging
- debug tcpproxy
- debug time sync
- dig dns
- dig6
- file export
- file remove
- file space available
- file tailf log
- file view log
- ssh6 interface
- ssh interface
- tcpdump
- tcpping
- traceroute
- traceroute6
-
- dump appdef config
- dump appdef version
- dump app-engine
- dump app-l4-prefix table
- dump app-probe config
- dump app-probe flow
- dump app-probe prefix
- dump app-probe status
- dump auth config
- dump auth status
- dump banner config
- dump bfd status
- dump bypass-pair config
- dump cellular config
- dump cellular stats
- dump cellular status
- dump cgnxinfra status
- dump cgnxinfra status live
- dump cgnxinfra status store
- dump config network
- dump config security
- dump controller cipher
- dump controller status
- dump device accessconfig
- dump device conntrack count
- dump device date
- dump device info
- dump device status
- dump dhcp-relay config
- dump dhcprelay stat
- dump dhcp-server config
- dump dhcp-server status
- dump dhcpstat
- dump dnsservice config all
- dump dpdk cpu
- dump dpdk interface
- dump dpdk port status
- dump dpdk stats
- dump flow
- dump flow count-summary
- dump interface config
- dump interface status
- dump interface status interface details
- dump interface status interface module
- dump intra cluster tunnel
- dump ipfix config collector-contexts
- dump ipfix config derived-exporters
- dump ipfix config filter-contexts
- dump ipfix config ipfix-overrides
- dump ipfix config prefix-filters
- dump ipfix config profiles
- dump ipfix config templates
- dump lldp
- dump lldp config
- dump lldp info
- dump lldp stats
- dump lldp status
- dump log-agent eal conn
- dump log-agent eal response-time
- dump log-agent eal stats
- dump log-agent config
- dump log-agent iot snmp config
- dump log-agent iot snmp device discovery stats
- dump log-agent ip mac bindings
- dump log-agent neighbor discovery stats
- dump log-agent status
- dump ml7 mctd counters
- dump ml7 mctd session
- dump ml7 mctd version
- dump nat counters
- dump nat6 counters
- dump nat summary
- dump network-policy config policy-rules
- dump network-policy config policy-sets
- dump network-policy config policy-stacks
- dump network-policy config prefix-filters
- dump overview
- dump performance-policy config policy-rules
- dump performance-policy config policy-sets
- dump performance-policy config policy-set-stacks
- dump performance-policy config threshold-profile
- dump poe system config
- dump poe system status
- dump priority-policy config policy-rules
- dump priority-policy config policy-sets
- dump priority-policy config policy-stacks
- dump priority-policy config prefix-filters
- dump probe config
- dump probe profile
- dump radius config
- dump radius statistics
- dump radius status
- dump reachability-probe config
- dump qos-bwc config
- dump reachability-probe status
- dump routing aspath-list
- dump routing cache
- dump routing communitylist
- dump routing multicast config
- dump routing multicast igmp
- dump routing multicast interface
- dump routing multicast internal vif-entries
- dump routing multicast mroute
- dump routing multicast pim
- dump routing multicast sources
- dump routing multicast statistics
- dump routing multicast status
- dump routing ospf
- dump routing peer advertised routes
- dump routing peer config
- dump routing peer neighbor
- dump routing peer received-routes
- dump routing peer routes
- dump routing peer route-via
- dump routing peer status
- dump routing peer route-json
- dump routing prefixlist
- dump routing prefix-reachability
- dump routing route
- dump routing routemap
- dump routing running-config
- dump routing summary
- dump routing static-route reachability-status
- dump routing static-route config
- dump routing vpn host tracker
- dump security-policy config policy-rules
- dump security-policy config policy-set
- dump security-policy config policy-set-stack
- dump security-policy config prefix-filters
- dump security-policy config zones
- dump sensor type
- dump sensor type summary
- dump serviceendpoints
- dump servicelink summary
- dump servicelink stats
- dump servicelink status
- dump site config
- dump snmpagent config
- dump snmpagent status
- dump software status
- dump spoke-ha config
- dump spoke-ha status
- dump standingalarms
- dump static-arp config
- dump static host config
- dump static routes
- dump support details
- dump-support
- dump switch fdb vlan-id
- dump switch port status
- dump switch vlan-db
- dump syslog config
- dump syslog-rtr stats
- dump syslog status
- dump time config
- dump time log
- dump time status
- dump troubleshoot message
- dump user-id agent config
- dump user-id agent statistics
- dump user-id agent status
- dump user-id agent summary
- dump user-id groupidx
- dump user-id group-mapping
- dump user-id ip-user-mapping
- dump user-id statistics
- dump user-id status
- dump user-id summary
- dump user-id useridx
- dump vlan member
- dump vpn count
- dump vpn ka all
- dump vpn ka summary
- dump vpn ka VpnID
- dump vpn status
- dump vpn summary
- dump vrf
- dump waninterface config
- dump waninterface summary
-
- inspect app-flow-table
- inspect app-l4-prefix lookup
- inspect app-map
- inspect certificate
- inspect certificate device
- inspect cgnxinfra role
- inspect connection
- inspect dhcplease
- inspect dhcp6lease
- inspect dpdk ip-rules
- inspect dpdk vrf
- inspect fib
- inspect fib-leak
- inspect flow-arp
- inspect flow brief
- inspect flow-detail
- inspect flow internal
- inspect interface stats
- inspect ipfix exporter-stats
- inspect ipfix collector-stats
- inspect ipfix app-table
- inspect ipfix wan-path-info
- inspect ipfix interface-info
- inspect ip-rules
- inspect ipv6-rules
- inspect lqm stats
- inspect memory summary
- inspect network-policy conflicts
- inspect network-policy dropped
- inspect network-policy hits policy-rules
- inspect network-policy lookup
- inspect performance-policy fec status
- inspect policy-manager status
- inspect policy-mix lookup-flow
- inspect priority-policy conflicts
- inspect priority-policy dropped
- inspect priority-policy hits default-rule-dscp
- inspect priority-policy hits policy-rules
- inspect priority-policy lookup
- inspect performance-policy incidents
- inspect performance-policy lookup
- inspect performance-policy hits analytics
- inspect process status
- inspect qos-bwc debug-state
- inspect qos-bwc queue-history
- inspect qos-bwc queue-snapshot
- inspect routing multicast fc site-iface
- inspect routing multicast interface
- inspect routing multicast mroute
- inspect security-policy lookup
- inspect security-policy size
- inspect switch mac-address-table
- inspect system arp
- inspect system ipv6-neighbor
- inspect system vrf
- inspect vrf
- inspect wanpaths
-
-
5.6
- 5.6
- 6.1
- 6.2
- 6.3
- 6.4
- 6.5
- New Features Guide
- On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
-
- Features Introduced in Prisma SD-WAN ION Release 5.6
- Changes to Default Behavior in Prisma SD-WAN ION Release 5.6
- Upgrade ION 9000 Firmware for Device Version 5.6.x
- CLI Commands in Prisma SD-WAN ION Release 5.6
- Addressed Issues in Prisma SD-WAN ION Release 5.6
- Known Issues in Prisma SD-WAN ION Release 5.6
Event Category-Device
Incident and alert event codes based on the categories for troubleshooting in Prisma
SD-WAN, Event category - device codes.
Where Can I Use This? | What Do I Need? |
---|---|
|
|
The following tables describe a list of event or incident codes, the event
origin, its severity, and a description of each event as per the event category.
INCIDENT CODE | EVENT ORIGIN | INCIDENT /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
---|---|---|---|---|---|---|
CLAIMCERT_AUTO_
RENEWAL_DISABLED
| Device | ALERT | Warning | Auto Renewal of Claim Certificate is Disabled. | The scheduler process for Claim Certificate renewals wasn't initialized which has caused the auto renewal feature to be disabled on the device. Renewal of Claim Certificate must be triggered manually from the Controller. | 5.5.1 |
CLAIMCERT_
RENEWAL_FAILED
| Device | ALERT | Warning | Renewal of Claim Certificate failed. | The process of renewing the Claim Certificate encountered problems. These may be related to external events such as failures reported by CA or an incorrect or invalid certificate being issued. Other reasons can be internal failures such as problems arising from generating a CSR request or receiving CSR details from the controller. | 5.5.1 |
CLAIMCERT_
RENEWAL_RETRY_
LIMIT_EXCEEDED
| Device | INCIDENT | Critical | Claim Certificate Renewal Attempts Exceeded Retry Limit. | There were errors observed during the process of Claim Certificate renewal. Repeated attempts to renew the Claim Certificate exceeded three consecutive retries. Auto renewal is therefore disabled and a renewal must be triggered from the Controller. However, this event indicates a problem that’s external to the process and it must be attended to immediately. | 5.5.1 |
CLAIMCERT_
RENEWALS_
TOO_FREQUENT
| Device | ALERT | Warning | Claim Certificate is being Renewed Too Frequently. | A condition is reached where a renewed Claim Certificate has already expired and a subsequent renewal is attempted. This condition may occur when the renewal window configured on the Controller is incorrect or the Certificate issued by the CA has an expiry time that has already elapsed. | 5.5.1 |
DEVICEIF_
IPV6_
ADDRESS_
DUPLICATE
| Device | INCIDENT | Warning | Duplicate IPv6 address | Another device in the local network is using an IPv6 address assigned to this device. | 6.1.1 |
DEVICEHW_
DISKUTIL_
FRUSSD
| Device | INCIDENT | Warning | FRU SSD Unavailable | Logs and core files are normally stored on separate media on this platform. That media is not currently available. Contact Palo Alto Networks Support. | 6.2.1 |
DEVICEHW_
DISKENC_
SYSTEM
| Device | INCIDENT | Critical | Disk Encryption Upgrade Failure. | One of the disks partitions failed to convert into an encrypted partition during the last device upgrade. | 4.5.1 |
DEVICEHW_
DISKUTIL_
PARTITION
SPACE
| Device | INCIDENT | Warning | High Disk Capacity Utilization. | Disk Storage Utilization on a device has reached 85% capacity. Noncritical functions, including logging and statistics export may be impacted. | 4.5.1 |
DEVICEHW_
INTERFACE_
ERRORS
| Device | ALERT | Warning | High rate of errors on the interface. | The number of transmission and/or reception errors seen on an interface over the last one hour period has exceeded the threshold. The threshold is 0.5% of received or transmitted packet count in the same one hour period. | 4.5.1 |
DEVICEHW_
INTERFACE_
HALFDUPLEX
| Device | INCIDENT | Warning | Interface running in half-duplex mode. | An interface has negotiated half duplex, although it's allowed to run in full duplex, which is preferred. | 4.5.1 |
DEVICEHW_
INTERFACE_
DOWN
| Device | INCIDENT | Warning | Interface Down. | A configured Admin-Up interface is
not receiving a signal or experiencing an error that has caused lack of
data flow through that interface. Release 5.4.1 onward, when
DEVICEHW_ INTERFACE_ DOWN incident is raised, it also
shows Related Faults. These faults are caused due to this incident
that can be NETWORK_ SECUREFABRICLINK_ DEGRADED or
NETWORK_ SECUREFABRICLINK_ DOWN. | 4.5.1 |
DEVICEHW_
MEMUTIL_
SWAPSPACE
| Device | INCIDENT | Critical | High Memory Utilization. | Memory utilization on a device has reached maximum capacity forcing use of disk-based swap space. Sub-optimal performance impact device functions. | 4.5.1 |
DEVICEHW_
POWER_LOST
| Device | INCIDENT | Warning | Power Lost. | The power supply unit is reporting loss of power, possibly due to failure or unplugged power cable. | 4.5.1 |
DEVICEHW_
POWER_
MISSING
| Device | INCIDENT | Warning | Power Supply Missing | If PSU is missing or AC voltage is not detected in ION 5200 and 9200, Power Missing alarm with reason psu_not_present and ac_lost respectively is raised. | 6.4.1 |
DEVICEHW_
TEMPERATURE_
SENSOR
| Device | INCIDENT | Warning | Operating temperature beyond threshold | One or more thermal sensors have reported temperature beyond the operationally safe threshold. Please monitor the device temperature activity chart. If the condition persists, the device will shutdown. This will require manual intervention to turn the device backup . | 6.2.1 |
DEVICEIF_
ADDRESS_
DUPLICATE
| Device | ALERT | Warning | Interface Duplicate Address. | Another device in the local network is using an IP address assigned to this device. | 4.5.1 |
DEVICESW_
CONCURRENT_
FLOWLIMIT_
EXCEEDED
| Device | INCIDENT | Critical | Concurrent flow limit. | The system has reached edits allowed max concurrent flow limit. | 4.5.1 |
DEVICESW_
CONCURRENT_
FLOW_
SOFTLIMIT_
EXCEEDED
| Device | ALERT | Informational | Concurrent flow soft limit. | The system reached its 75% of the max concurrent flow limit. | 6.2.1 |
DEVICESW_
IMAGE
_UNSUPPORTED
| Controller | INCIDENT | Critical | Unsupported Software Image | The device's software image isn't recognized by the controller. The software version may not be allowed in the network or may no longer exist. | |
DEVICESW_
INTERFACE_
CONFIG_
OUTOFSYNC
| Device | INCIDENT | Warning | Interface configuration out-of-sync | When a user modifies interface configuration via the toolkit command when a device is in an assigned state. As a result, the configuration between the element and the controller goes out of sync. | 6.3.1 |
APPLICATION
_PROBE_
DISABLED
| Device | INCIDENT | Warning | Application Probe Disabled | Application probes are disabled either due to incomplete configuration or invalid state. The device will no longer issue an application probe to detect application reachability unless the issue is resolved. Consequently, if application probes are disabled then the application will no longer switch to alternative paths in case it fails on its current path. | |
DEVICESW_
CRITICAL_
PROCESSRESTART
| Device | ALERT | Critical | Critical Process Restart. | A critical software process on the device has restarted either due to an error or as a self-recovery method. Process restart as a self-recovery does not impact long-term functions on the device but can cause short-term suboptimal dataplane functions and errors. | 4.6.1 |
DEVICESW_
CRITICAL_
PROCESSSTOP
| Device | INCIDENT | Critical | Critical Process Stopped. | A critical software process on the device has stopped due to an error and is unable to recover with a self-restart. Impacts data forwarding functionality. | 4.6.1 |
DEVICESW_
DHCPRELAY_
RESTART
| Device | ALERT | Informational | The DHCP relay agent restarted. | The DHCP relay agent on a device has restarted and recovered from an error. | 4.4.1 |
DEVICESW_
DHCPSERVER_
ERRORS
| Device | INCIDENT | Critical | The DHCP server failed to start. | DHCP server listening on physical interfaces failed to
start due to the following reasons:
| 4.4.1 |
DEVICESW_
DHCPSERVER_
RESTART
| Device | ALERT | Informational | The DHCP server restarted. | The DHCP server listening on physical interfaces has restarted and recovered from an error. | 4.4.1 |
DEVICESW_
DISCONNECTED_
FROM_
CONTROLLER
| Device | INCIDENT | Warning | Device disconnected from Controller | Release 5.4.1 and later Device has remained disconnected from the controller for a prolonged duration. The incident hold time has been reduced to 10 minutes. Releases prior to Release 5.4.1 the hold time was 30 minutes. | 5.0.3 |
DEVICESW_
FPS_
LIMIT_ EXCEEDED
| Device | INCIDENT | Warning | Flows Per Second limit. | The system has reached its allowed flows per second limit. | 4.5.1 |
DEVICESW_
GENERAL_
PROCESSRE
START
| Device | ALERT | Informational | Process Restart. | A software process on the device has restarted either due to an error or a self-recovery method. Process restart as self-recovery does not impact long-term functions on the device. However, it can cause short-term suboptimal functions and errors. | 4.5.1 |
DEVICESW_
GENERAL_
PROCESSSTOP
| Device | INCIDENT | Warning | The process Stopped. | A software process on the device has stopped due to an error and is unable to recover with a self-restart. Impacts the Functionality. | 4.5.1 |
DEVICESW_
INITIATED_
CONNECTION
_ON_
EXCLUDED_
PATH
| Device | INCIDENT | Warning | Device Initiated Connection on the excluded path. | Due to the lack of any other available interface, established a device-initiated controller connection from an excluded interface as a last resort. | 5.4.3 |
DEVICESW_
LICENSE_
VERIFICATION_
FAILED
| Device | INCIDENT | Critical | Virtual ION license verification failed. | The license is no longer valid. The maximum ION device deployment limit is reached. | 4.5.1 |
DEVICESW_
MONITOR_ DISABLED
| Device | INCIDENT | Warning | System Monitoring Disabled | A software process that monitors the health of a device and its hardware or software components is disabled. | 4.5.1 |
DEVICESW
_NTP_
NO_SYNC
| Device | INCIDENT | Warning | NTP synchronization failed. | Device NTP has been unreachable for more than 24 hours. | 4.6.1 |
DEVICESW
_SNMP_
AGENT_ RESTART
| Device | ALERT | Informational | SNMP | The SNMP agent on a device has restarted. | 4.5.1 |
DEVICESW_
SNMP_
AGENT_
FAILED_
TO_START
| Device | ALERT | Warning | SNMP Agent failed to start. | SNMP Agent failed to start due to either invalid configuration or decryption failure. | 5.2.1 |
DEVICESW_
SYSTEM_
BOOT
| Device | ALERT | Critical | Device Reboot. | Device rebooted either due to recovery from an incident condition or as part of normal operations, including user initiated reboots and software upgrades. Reboots due to incident conditions can cause suboptimal or significantly reduced functionality on the device. | 4.5.1 |
DEVICESW_
TOKEN_
VERIFICATION_
FAILED
| Device | ALERT | Critical | Virtual ION token validation failed. | The token is no longer valid. It's currently utilized, expired, or revoked. | 4.5.1 |
DEVICESW_
CONNTRACK_
FLOWLIMIT_
EXCEEDED
| Device | INCIDENT | Critical | Conntrack table flow count exceeded the threshold. | The number of flows in the connection tracking table that are used for features such as NAT and device management policy has exceeded the 90% threshold. | 5.2.1 |
DEVICESW_
IPFIX_
COLLECTORS
_DOWN
| Device | INCIDENT | Warning | IPFIX collectors down | The IPFIX export process observes that there are no active connections to the IPFIX collectors. The process will continue to monitor the connection status and resume export of the IPFIX records once the connection is re-established. | 5.5.1 |
DEVICESW_
SYSLOG
SERVERS_
DOWN
| Device | INCIDENT | Informational | Syslog Export Down | A Syslog Export daemon failed to connect with a remote syslog server. | 5.6.1 |
DEVICESW_
ANALYTICS_
DISCONNECTED_
FROM_CONTROLLER
| Controller | INCIDENT | Informational | Device analytics disconnected from Controller | Device analytics has remained disconnected from the Controller for a prolonged duration. | 5.6.1 |
DEVICESW
_FLOWS_
DISCONNECTED_
FROM_
CONTROLLER
| Controller | INCIDENT | Informational | Device flows disconnected from Controller | Device flows have remained disconnected from the Controller for a prolonged duration. | 5.6.1 |
NAT_POLICY_
STATIC_
NATPOOL_
OVERRUN
| Device | INCIDENT | Informational | The static NAT pool range is overrun by selector prefix. | The configured NAT pool range can't map 1:1 with the matching traffic selector prefix. | 5.2.1 |