Troubleshoot Alarms
Lets see how to troubleshoot the alarms in Prisma SD-WAN.
Follow the troubleshooting steps for
each alarm in the order listed below. Each step is intended to resolve
the issue. Proceed to the next step only if the previous step did
not resolve the problem.
For each alarm raised on the web interface, you
can select to
Troubleshoot
to follow a step-by-step
troubleshooting procedure. If the issue persists, select Go
to Support
to create a support ticket. A Palo Alto Networks Support
executive will contact you.Alarm Code | Troubleshooting Steps |
---|---|
APPLICATION_CUSTOM_RULE_CONFLICT |
|
DEVICEHW_DISKENC_SYSTEM | This event code was raised when one disk
partition failed to convert into an encrypted partition during the
last device upgrade.
|
DEVICEHW_DISKUTIL_PARTITIONSPACE | This event code is raised due to high disk
capacity utilization. To verify, follow the steps:
|
DEVICEHW_INTERFACE_ ERRORS | This event code is raised due to a faulty
cable, SFP, port, or patch panel connection.
|
DEVICEHW_INTERFACE_HALFDUPLEX | This event code is raised due to issues
with port configuration and cable. First, verify the cable connection
and swap the cable. Second, check the port and the remote end (auto
or hard-coded).To change the port configuration:
|
DEVICEHW_INTERFACE_DOWN | Interface down requires an assessment to see
if the alarm is intentional or real.
|
DEVICEHW_MEMUTIL_SWAPSPACE | To verify if High Memory Utilization is
happening in real-time:
|
DEVICEHW_POWER_LOST | This event code is raised by an unplugged or
a loose power cable.
|
DEVICEIF_ADDRESS_DUPLICATE | If static IP address configuration is used,
confirm that the IP address used is not explicitly assigned to another
device or within a range already allocated by a DHCP server. |
DEVICESW_CONCURRENT_FLOWLIMIT_EXCEEDED | To verify the concurrent flows:
|
DEVICESW_DHCPRELAY_ RESTART | Process stopped requires further investigation.
Contact Palo Alto Networks Support. |
DEVICESW_DHCPSERVER_ERRORS |
|
DEVICESW_DHCPSERVER_RESTART | Process stopped requires further investigation.
Contact Palo Alto Networks Support. |
DEVICESW_DISCONNECTED_FROM_CONTROLLER |
|
DEVICESW_FPS_LIMIT_ EXCEEDED |
|
DEVICESW_GENERAL_PROCESSRESTART | Process restart is an alert and does not require
immediate action. If several process restart alerts repeat in a
given hour or day, contact Palo Alto Networks Support. |
DEVICESW_GENERAL_PROCESSSTOP | Process stopped requires further investigation.
Contact Palo Alto Networks Support. |
DEVICESW_IMAGE_INCOMPATIBLE |
|
DEVICESW_LICENSE_VERIFICATION_FAILED |
|
DEVICESW_MONITOR_DISABLED | System monitoring disabled requires further
investigation.
|
DEVICESW_NTP_NO_SYNC | Could not reached the configured NTP server.
Contact Palo Alto Networks Support. |
DEVICESW_SNMP_AGENT_ RESTART | Process stopped requires further investigation.
Contact Palo Alto Networks Support. |
DEVICESW_SYSTEM_BOOT | Device reboot is an alert and may need further
investigation.
|
DEVICESW_TOKEN_VERIFICATION_FAILED |
|
DEVICESW_CONNTRACK_FLOWLIMIT_EXCEEDED |
|
NAT_POLICY_LEGACY_ALG_CONFIG_OVERRIDE | Contact Palo Alto Networks Support to remove
the legacy configuration from the device. |
NAT_POLICY_STATIC_NATPOOL_OVERRUN | Make sure that traffic selector has a 1:1 mapping
for the converted NATPOOL range to CIDR. |
NETWORK_DIRECTINTERNET_DOWN (Branch sites only) |
|
NETWORK_DIRECTPRIVATE_DOWN (Branch sites only) |
|
NETWORK_POLICY_RULE_CONFLICT | Update the two conflicting policy rules identified
or remove one of the rules to ensure that there is no conflict. |
NETWORK_POLICY_RULE_DROPPED | Update the identified policy rule to remove
some applications or remove some source and destination prefixes
in the rule. |
NETWORK_PRIVATEWAN_DEGRADED (DC Sites only) |
|
NETWORK_PRIVATEWAN_UNREACHABLE (DC Sites only) |
|
PEERING_BGP_DOWN |
|
PRIORITY_POLICY_RULE_CONFLICT | Update the two conflicting policy rules identified
or remove one of the rules to ensure that there is no conflict. |
PRIORITY_POLICY_RULE_DROPPED | Update the identified policy rule to remove
some applications or remove some source and destination prefixes
in the rule. |
SITE_CIRCUIT_ABSENT_FOR_POLICY | Assign the labels that have been reported in
the alarm as missing to the site WAN interface at the site. |
SPOKEHA_CLUSTER_DEGRADED | Check the spoke cluster switch over event history
to find out the device for which the effective priority has become
zero. If so, then check:
|
SPOKEHA_CLUSTER_DOWN | Check the spoke cluster switch over event history
to find out the device for which the effective priority has become
zero. If so, then check:
|
SPOKEHA_MULTIPLE_ACTIVE_DEVICES |
|
SPOKEHA_STATE_UPDATE | If the device has become a backup device, check
the device configuration, and alarms or alerts to find out:
|
Recommended For You
Recommended Videos
Recommended videos not found.