Prisma SD-WAN
Event Category-Device
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
- Prisma SD-WAN Controller
-
- CloudBlade Integrations
- CloudBlades Integration with Prisma Access
-
-
-
-
- 6.5
- 6.4
- 6.3
- 6.1
- 5.6
- Prisma SD-WAN Controller
- Prisma SD-WAN On-Premises Controller
- Prisma SD-WAN CloudBlades
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
Event Category-Device
Incident and alert event codes based on the categories for troubleshooting in Prisma
SD-WAN, Event category - device codes.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
The following tables describe a list of event or incident codes, the event
origin, its severity, and a description of each event as per the event category.
| INCIDENT CODE | EVENT ORIGIN | INCIDENT /ALERT | SEVERITY | EVENT TITLE | EVENT DESCRIPTION | RELEASE INTRODUCED |
|---|---|---|---|---|---|---|
|
CLAIMCERT_
AUTO_
RENEWAL_
DISABLED
| Device | ALERT | Warning | Auto Renewal of Claim Certificate is Disabled. | The scheduler process for Claim Certificate renewals wasn't initialized which has caused the auto renewal feature to be disabled on the device. Renewal of Claim Certificate must be triggered manually from the Controller. | 5.5.1 |
|
CLAIMCERT_
RENEWAL_
FAILED
| Device | ALERT | Warning | Renewal of Claim Certificate failed. | The process of renewing the Claim Certificate encountered problems. These may be related to external events such as failures reported by CA or an incorrect or invalid certificate being issued. Other reasons can be internal failures such as problems arising from generating a CSR request or receiving CSR details from the controller. | 5.5.1 |
|
CLAIMCERT_
RENEWAL_
RETRY_
LIMIT_
EXCEEDED
| Device | INCIDENT | Critical | Claim Certificate Renewal Attempts Exceeded Retry Limit. | There were errors observed during the process of Claim Certificate renewal. Repeated attempts to renew the Claim Certificate exceeded three consecutive retries. Auto renewal is therefore disabled and a renewal must be triggered from the Controller. However, this event indicates a problem that’s external to the process and it must be attended to immediately. | 5.5.1 |
|
CLAIMCERT_
RENEWALS_
TOO_
FREQUENT
| Device | ALERT | Warning | Claim Certificate is being Renewed Too Frequently. | A condition is reached where a renewed Claim Certificate has already expired and a subsequent renewal is attempted. This condition may occur when the renewal window configured on the Controller is incorrect or the Certificate issued by the CA has an expiry time that has already elapsed. | 5.5.1 |
|
DEVICEIF_
IPV6_
ADDRESS_
DUPLICATE
| Device | INCIDENT | Warning | Duplicate IPv6 address | Another device in the local network is using an IPv6 address assigned to this device. | 6.1.1 |
|
DEVICEHW_
DISKUTIL_
FRUSSD
| Device | INCIDENT | Warning | FRU SSD Unavailable | Logs and core files are normally stored on separate media on this platform. That media is not currently available. Contact Palo Alto Networks Support. | 6.2.1 |
|
DEVICEHW_
DISKENC_
SYSTEM
| Device | INCIDENT | Critical | Disk Encryption Upgrade Failure. | One of the disks partitions failed to convert into an encrypted partition during the last device upgrade. | 4.5.1 |
|
DEVICEHW_
DISKUTIL_
PARTITION
SPACE
| Device | INCIDENT | Warning | High Disk Capacity Utilization. | Disk Storage Utilization on a device has reached 85% capacity. Noncritical functions, including logging and statistics export may be impacted. | 4.5.1 |
|
DEVICEHW_
INTERFACE_
ERRORS
| Device | ALERT | Warning | High rate of errors on the interface. | The number of transmission and/or reception errors seen on an interface over the last one hour period has exceeded the threshold. The threshold is 0.5% of received or transmitted packet count in the same one hour period. | 4.5.1 |
|
DEVICEHW_
INTERFACE_
HALFDUPLEX
| Device | INCIDENT | Warning | Interface running in half-duplex mode. | An interface has negotiated half duplex, although it's allowed to run in full duplex, which is preferred. | 4.5.1 |
|
DEVICEHW_
INTERFACE_
DOWN
| Device | INCIDENT | Warning | Interface Down. | A configured Admin-Up interface is
not receiving a signal or experiencing an error that has caused lack of
data flow through that interface. Release 5.4.1 onward, when
DEVICEHW_ INTERFACE_ DOWN incident is raised, it also
shows Related Faults. These faults are caused due to this incident
that can be NETWORK_ SECUREFABRICLINK_ DEGRADED or
NETWORK_ SECUREFABRICLINK_ DOWN. | 4.5.1 |
|
DEVICEHW_
MEMUTIL_
SWAPSPACE
| Device | INCIDENT | Critical | High Memory Utilization. | Memory utilization on a device has reached maximum capacity forcing use of disk-based swap space. Sub-optimal performance impact device functions. | 4.5.1 |
|
DEVICEHW_
POWER_LOST
| Device | INCIDENT | Warning | Power Lost. | The power supply unit is reporting loss of power, possibly due to failure or unplugged power cable. | 4.5.1 |
|
DEVICEHW_
POWER_
MISSING
| Device | INCIDENT | Warning | Power Supply Missing | If PSU is missing or AC voltage is not detected in ION 5200 and 9200, Power Missing alarm with reason psu_not_present and ac_lost respectively is raised. | 6.4.1 |
|
DEVICEHW_
TEMPERATURE_
SENSOR
| Device | INCIDENT | Warning | Operating temperature beyond threshold | One or more thermal sensors have reported temperature beyond the operationally safe threshold. Please monitor the device temperature activity chart. If the condition persists, the device will shutdown. This will require manual intervention to turn the device backup . | 6.2.1 |
|
DEVICEIF_
ADDRESS_
DUPLICATE
| Device | ALERT | Warning | Interface Duplicate Address. | Another device in the local network is using an IP address assigned to this device. | 4.5.1 |
|
DEVICESW_
CONCURRENT_
FLOWLIMIT_
EXCEEDED
| Device | INCIDENT | Critical | Concurrent flow limit. | The system has reached edits allowed max concurrent flow limit. | 4.5.1 |
|
DEVICESW_
CONCURRENT_
FLOW_
SOFTLIMIT_
EXCEEDED
| Device | ALERT | Informational | Concurrent flow soft limit. | The system reached its 75% of the max concurrent flow limit. | 6.2.1 |
|
DEVICESW_
IMAGE
_UNSUPPORTED
| Controller | INCIDENT | Critical | Unsupported Software Image | The device's software image isn't recognized by the controller. The software version may not be allowed in the network or may no longer exist. | |
|
DEVICESW_
INTERFACE_
CONFIG_
OUTOFSYNC
| Device | INCIDENT | Warning | Interface configuration out-of-sync | When a user modifies interface configuration via the toolkit command when a device is in an assigned state. As a result, the configuration between the element and the controller goes out of sync. | 6.3.1 |
|
APPLICATION
_PROBE_
DISABLED
| Device | INCIDENT | Warning | Application Probe Disabled | Application probes are disabled either due to incomplete configuration or invalid state. The device will no longer issue an application probe to detect application reachability unless the issue is resolved. Consequently, if application probes are disabled then the application will no longer switch to alternative paths in case it fails on its current path. | |
|
DEVICESW_
CRITICAL_
PROCESSRESTART
| Device | ALERT | Critical | Critical Process Restart. | A critical software process on the device has restarted either due to an error or as a self-recovery method. Process restart as a self-recovery does not impact long-term functions on the device but can cause short-term suboptimal dataplane functions and errors. | 4.6.1 |
|
DEVICESW_
CRITICAL_
PROCESSSTOP
| Device | INCIDENT | Critical | Critical Process Stopped. | A critical software process on the device has stopped due to an error and is unable to recover with a self-restart. Impacts data forwarding functionality. | 4.6.1 |
|
DEVICESW_
DHCPRELAY_
RESTART
| Device | ALERT | Informational | The DHCP relay agent restarted. | The DHCP relay agent on a device has restarted and recovered from an error. | 4.4.1 |
|
DEVICESW_
DHCPSERVER_
ERRORS
| Device | INCIDENT | Critical | The DHCP server failed to start. | DHCP server listening on physical interfaces failed to
start due to the following reasons:
| 4.4.1 |
|
DEVICESW_
DHCPSERVER_
RESTART
| Device | ALERT | Informational | The DHCP server restarted. | The DHCP server listening on physical interfaces has restarted and recovered from an error. | 4.4.1 |
|
DEVICESW_
DISCONNECTED_
FROM_
CONTROLLER
| Device | INCIDENT | Warning | Device disconnected from Controller | Release 5.4.1 and later Device has remained disconnected from the controller for a prolonged duration. The incident hold time has been reduced to 10 minutes. Releases prior to Release 5.4.1 the hold time was 30 minutes. | 5.0.3 |
|
DEVICESW_
FPS_
LIMIT_
EXCEEDED
| Device | INCIDENT | Warning | Flows Per Second limit. | The system has reached its allowed flows per second limit. | 4.5.1 |
|
DEVICESW_
GENERAL_
PROCESSRE
START
| Device | ALERT | Informational | Process Restart. | A software process on the device has restarted either due to an error or a self-recovery method. Process restart as self-recovery does not impact long-term functions on the device. However, it can cause short-term suboptimal functions and errors. | 4.5.1 |
|
DEVICESW_
GENERAL_
PROCESSSTOP
| Device | INCIDENT | Warning | The process Stopped. | A software process on the device has stopped due to an error and is unable to recover with a self-restart. Impacts the Functionality. | 4.5.1 |
|
DEVICESW_
INITIATED_
CONNECTION_
ON_
EXCLUDED_
PATH
| Device | INCIDENT | Warning | Device Initiated Connection on the excluded path. | Due to the lack of any other available interface, established a device-initiated controller connection from an excluded interface as a last resort. | 5.4.3 |
|
DEVICESW_
LICENSE_
VERIFICATION_
FAILED
| Device | INCIDENT | Critical | Virtual ION license verification failed. | The license is no longer valid. The maximum ION device deployment limit is reached. | 4.5.1 |
|
DEVICESW_
MONITOR_ DISABLED
| Device | INCIDENT | Warning | System Monitoring Disabled | A software process that monitors the health of a device and its hardware or software components is disabled. | 4.5.1 |
|
DEVICESW_
NTP_
NO_
SYNC
| Device | INCIDENT | Warning | NTP synchronization failed. | Device NTP has been unreachable for more than 24 hours. | 4.6.1 |
|
DEVICESW_
SNMP_
AGENT_
RESTART
| Device | ALERT | Informational | SNMP | The SNMP agent on a device has restarted. | 4.5.1 |
|
DEVICESW_
SNMP_
AGENT_
FAILED_
TO_
START
| Device | ALERT | Warning | SNMP Agent failed to start. | SNMP Agent failed to start due to either invalid configuration or decryption failure. | 5.2.1 |
|
DEVICESW_
SYSTEM_
BOOT
| Device | ALERT | Critical | Device Reboot. | Device rebooted either due to recovery from an incident condition or as part of normal operations, including user initiated reboots and software upgrades. Reboots due to incident conditions can cause suboptimal or significantly reduced functionality on the device. | 4.5.1 |
|
DEVICESW_
TOKEN_
VERIFICATION_
FAILED
| Device | ALERT | Critical | Virtual ION token validation failed. | The token is no longer valid. It's currently utilized, expired, or revoked. | 4.5.1 |
|
DEVICESW_
CONNTRACK_
FLOWLIMIT_
EXCEEDED
| Device | INCIDENT | Critical | Conntrack table flow count exceeded the threshold. | The number of flows in the connection tracking table that are used for features such as NAT and device management policy has exceeded the 90% threshold. | 5.2.1 |
|
DEVICESW_
IPFIX_
COLLECTORS
_DOWN
| Device | INCIDENT | Warning | IPFIX collectors down | The IPFIX export process observes that there are no active connections to the IPFIX collectors. The process will continue to monitor the connection status and resume export of the IPFIX records once the connection is re-established. | 5.5.1 |
|
DEVICESW_
SYSLOG
SERVERS_
DOWN
| Device | INCIDENT | Informational | Syslog Export Down | A Syslog Export daemon failed to connect with a remote syslog server. | 5.6.1 |
|
DEVICESW_
ANALYTICS_
DISCONNECTED_
FROM_
CONTROLLER
| Controller | INCIDENT | Informational | Device analytics disconnected from Controller | Device analytics has remained disconnected from the Controller for a prolonged duration. | 5.6.1 |
|
DEVICESW
_FLOWS_
DISCONNECTED_
FROM_
CONTROLLER
| Controller | INCIDENT | Informational | Device flows disconnected from Controller | Device flows have remained disconnected from the Controller for a prolonged duration. | 5.6.1 |
|
FLOW_
LIMIT_
PER_SOURCE
EXCEEDED
| Device | INCIDENT | Warning | Exceeded Flow Limit Threshold | When the user exceeds the configured Flow Limit Threshold. | 6.3.6 |
|
NAT_POLICY_
STATIC_
NATPOOL_
OVERRUN
| Device | INCIDENT | Informational | The static NAT pool range is overrun by selector prefix. | The configured NAT pool range can't map 1:1 with the matching traffic selector prefix. | 5.2.1 |
|
DEVICESW_
DNSSECCLOUDSERVER_
DOWN
| Device | INCIDENT | Warning | DNS Security Cloud Server Unreachable | The DNS Security Cloud Server connection is lost, preventing the categorization of DNS requests. |
6.5.3-i
|
|
DEVICESW_
SLSCONNECTION_
DOWN
| Device | INCIDENT | Warning | SLS Cloud Server Unreachable | The Secure Logging Service (SLS) Cloud Server connection has remained disconnected, impacting logging functionality. | |
|
DEVICESW_
URLCLOUDSERVER_
DOWN
| Device | INCIDENT | URL Cloud Server Unreachable | The URL Cloud Server is unreachable, preventing URL categorization. | ||
|
DEVICESW_
APPDEF_
SIGFILE_
MISMATCH
| Device | INCIDENT | Warning | App/Signature File Version Mismatch | The Application Definition (Appdef) and Signature file versions do not match. |
6.0.1
|
|
DEVICESW_
MCTD_
INITIALIZATION_
FAILURE
| Device | ALERT | ML7 Data Plane Initialization Failure | The ml7 data plane failed to initialize. | ||
|
DEVICESW_
MCTD_
CONTENT_
LOAD_
FAILURE
| Device | ALERT | ML7 Content Load Failure | The ml7 content files failed to load. | ||
|
DEVICESW_
MCTD_
LOG_
BUFFER_
FULL
| Device | ALERT | MCTD Log Buffer Full | The MCTD log buffer has reached maximum capacity. | ||
|
DEVICEHW_
ION9000X722FW_
OUTOFDATE
| Device | INCIDENT | ION 9000 Port 9-12 Firmware Update Required | A critical firmware update is required to maintain stable operation of ports 9 through 12 on this device. | ||
|
DEVICEHW_
FAN_
LOST
| Device | INCIDENT | Fan Loss | A monitored fan is not functioning due to failure, obstruction, or being unplugged. | ||
|
DEVICE_
POE_
SHUT_
CPU_
TEMP_
OVER_
THRESHOLD
| Device | INCIDENT | PoE Shutdown Due to CPU Thermal Issue | PoE operations shut down because the CPU temperature exceeded the safe threshold. A system reboot is required to re-enable PoE. | ||
|
DEVICE_
POE_
PORT_
POWER_
OVER_
THRESHOLD
| Device | INCIDENT | Warning | Port Power Over Threshold | A PoE port's power usage exceeded the configured threshold. | 6.0.2 |
|
DEVICE_
POE_
MAIN_
POWER_
OVER_
THRESHOLD
| Device | INCIDENT | Warning | System Power Over Threshold | The overall power usage for all Power-over-Ethernet (PoE) devices on the system exceeded the configured device threshold. | 6.0.2 |
|
DEVICE_
POE_
MAIN_
POWER_
FAULT
| Device | INCIDENT | Warning | Main Power Fault | An internal error occurred in the Power-over-Ethernet (PoE) support requiring device reload, power-cycle, or RMA. | 6.0.2 |
|
CLAIMCERT_
EXPIRY_
WARNING
| Device | ALERT | Warning | Claim Certificate Expiration Date Approaching | The Claim Certificate is approaching its expiration date. This may be due to previous renewal failures or a short expiration period set by the CA. | 5.5.1 |
|
DEVICESW_
MFGCERT_
RENEWAL_
FAILED
| Device | INCIDENT | Renewal of MIC Certificate Failed | Manufacturing Identity Certificate (MIC) renewal failed after multiple consecutive retries, disabling auto-renewal. | ||
|
DEVICESW_
MFGCERT_
EXPIRY_
WARNING
| Device | ALERT | MIC Certificate Expiry Warning | The Manufacturing Identity Certificate (MIC) is approaching its expiration date. | ||
|
SECURITY_POLICY_RULES_FAILED
| Device | Alarm | Critical | Security Policy Rules Failed | This alarm is generated when the security policy rules creation failed due to an internal error or less memory available on the device. | 6.3.6 |