Troubleshoot Alarms

Follow the troubleshooting steps for each alarm in the order listed below. Each step is intended to resolve the issue. Proceed to the next step only if the previous step did not resolve the problem.
For each alarm raised on the web interface, you can select Troubleshoot to follow a step-by-step troubleshooting procedure. If the issue persists, select Go to Support to create a support ticket. A Palo Alto Networks Support executive will contact you.
Alarm Code
Troubleshooting Steps
APPLICATION_CUSTOM_RULE_CONFLICT
Update one or both of the identified applications that have conflicting rules.
DEVICEHW_DISKENC_SYSTEM
During a device upgrade, disk encryption conversion failed for some partition; for example, the partition was not encrypted. Upgrade the device again with another image that contains disk encryption support to resolve this failure.
DEVICEHW_DISKUTIL_PARTITIONSPACE
High disk capacity utilization requires inspection of the system for software alarms that might be filling up storage unnecessarily.
Contact Palo Alto Networks Support.
DEVICEHW_INTERFACE_ERRORS
  1. Check interface cabling (electrical)—The cable may be too long or of the wrong type to operate at the desired speed. Cable runs should avoid sources of electrical noise such as motors, fluorescent lighting or power cables. Try replacing and/or rerouting the cable.
  2. Check interface cabling (optical)—The cable may be too long or the wrong type for the SFP/SFP+ module. A crimp in an optical cable may have permanently damaged it. Try replacing the cable and remember that the optical cables should be inspected and cleaned prior to mating with the endpoints.
  3. If the problem still persists, contact Palo Alto Networks Support.
DEVICEHW_INTERFACE_HALFDUPLEX
  1. Check remote equipment configuration. Ensure the connected equipment is able to run full duplex and is configured correctly with auto-negotiation.
  2. Disable auto-negotiation and configure the correct speed and duplex manually on the Prisma SD-WAN device and on the remote equipment.
DEVICEHW_INTERFACE_DOWN
Interface down requires an assessment to see if the alarm is intentional or real.
  1. If the affected interface is not going to be used, the alarm can be cleared by changing the Admin Up state to Down. Click on the affected entity to take you to interface configuration.
  2. If the affected interface is expected to be in use, check for disconnected or bad cables and misconfiguration related to port speed and duplex settings. Click on the affected entity to take you to interface configuration.
  3. Check interface configuration on the remote switch or router device and the interface state of that device. Disconnect and reconnect the cables as needed.
  4. If the problem persists, contact Palo Alto Networks Support.
DEVICEHW_MEMUTIL_SWAPSPACE
High memory utilization requires inspection of the system for software alarms that might be unexpectedly consuming memory resources. Contact Palo Alto Networks Support.
DEVICEHW_POWER_LOST
Power lost condition may have been caused by an unplugged or a loose power cable.
  1. Try using a new cable and/or re-seating the existing cable. If this does not help, the power supply unit (PSU) needs to be replaced. Note down which PSU failed for devices that have dual PSUs. Order a replacement PSU from Palo Alto Networks for the particular ION device.
  2. When the new PSU is on hand at the site where the device is located, simply pull out and replace the affected PSU.
DEVICEIF_ADDRESS_DUPLICATE
If static IP address configuration is used, confirm that the IP address used is not explicitly assigned to another device or within a range already allocated by a DHCP server.
DEVICESW_CONCURRENT_FLOWLIMIT_EXCEEDED
  1. Check the flow browser and identify the rogue client and isolate it.
  2. If the problem still persists, contact Palo Alto Networks Support.
DEVICESW_DHCPRELAY_RESTART
Process stopped requires further investigation. Contact Palo Alto Networks Support.
DEVICESW_DHCPSERVER_ERRORS
  1. Check interfaces configuration and state.
  2. Verify that at least one device interface is active and configured with static IP configuration.
  3. Check DHCP server configuration.
  4. Verify that the subnet address does not overlap across the site.
  5. If custom options are configured, verify that the custom option definition and option value are compatible with each other.
  6. If the problem still persists, contact Palo Alto Networks Support.
DEVICESW_DHCPSERVER_RESTART
Process stopped requires further investigation. Contact Palo Alto Networks Support.
DEVICESW_DISCONNECTED_FROM_CONTROLLER
  1. Check if there is any network connectivity problem at the site. Look for invalid interface configurations, interface alarms or network alarms. If present, clear those faults.
  2. Check if there are any process alarms which indicate that processes are stopped. If present, take action on those faults.
  3. Check if any firewall rules both on the ION device (if used) and external to the ION device prevent communication between the ION device and controller. If present, fix those rules.
  4. Ensure that the controller is not undergoing maintenance. If notification indicates maintenance activity, wait until the activity is completed.
  5. If none of the choices apply, please open a case with Palo Alto Networks Support.
DEVICESW_FPS_LIMIT_EXCEEDED
  1. Check the flow browser and identify the rogue client and isolate it.
  2. If the problem still persists, contact Palo Alto Networks Support.
DEVICESW_GENERAL_PROCESSRESTART
Process restart is an alert and does not require immediate action. If several process restart alerts repeat in a given hour or day, contact Palo Alto Networks Support.
DEVICESW_GENERAL_PROCESSSTOP
Process stopped requires further investigation. Contact Palo Alto Networks Support.
DEVICESW_IMAGE_INCOMPATIBLE
  1. Check the software version of the device on the Device List screen.
  2. Click Upgrade and check if the device's software version is present in the available software list.
  3. If the software version on the device is not on the available software list, upgrade or downgrade the device to an available software version. After successful software change, issue the Recheck SW Version command from the device list for that device.
  4. If the software version is not on the available software list but the software version on the device is the desired software version for your network, contact Palo Alto Networks Support for further instructions.
DEVICESW_LICENSE_VERIFICATION_FAILED
  1. Obtain additional licenses or free up unused licenses and then bring up the virtual ION device.
  2. If the problem still persists, contact Palo Alto Networks Support.
DEVICESW_MONITOR_DISABLED
System monitoring disabled requires further investigation.
  1. Attempt a device reboot to clear the alarm.
  2. If system monitoring disabled alarm is raised again after a reboot, contact Palo Alto Networks Support.
DEVICESW_NTP_NO_SYNC
Could not reach the configured NTP server. Contact Palo Alto Networks Support.
DEVICESW_SNMP_AGENT_RESTART
Process stopped requires further investigation. Contact Palo Alto Networks Support.
DEVICESW_SYSTEM_BOOT
Device reboot is an alert and may need further investigation.
  1. If the device rebooted due to operations performed including forced reboot by administrator or a software upgrade, the alert is normal and for informational purposes only.
  2. If the device rebooted itself without any administrator operation, contact Palo Alto Networks Support.
DEVICESW_TOKEN_VERIFICATION_FAILED
  1. Generate a new token and use that token in the creation of virtual ION device metadata.
  2. If the problem still persists, contact Palo Alto Networks Support.
DEVICESW_CONNTRACK_FLOWLIMIT_EXCEEDED
  1. Use the device toolkit to dump and inspect the entries in the connection tracking table.
  2. Contact Palo Alto Networks Support.
NAT_POLICY_LEGACY_ALG_CONFIG_OVERRIDE
Contact Palo Alto Networks Support to remove the legacy configuration from the device.
NAT_POLICY_STATIC_NATPOOL_OVERRUN
Make sure that traffic selector has a 1:1 mapping for the converted NATPOOL range to CIDR.
NETWORK_DIRECTINTERNET_DOWN (Branch sites only)
  1. Check if there are any interface down alarms on the interfaces connecting to the internet circuit. Follow interface troubleshooting and alarm clearance procedures for that interface.
  2. Check for connectivity on the internet circuit by pinging common public endpoints on the internet through the interface connected to the circuit.
  3. Check the internet modem, if present, to ensure that it is powered up. As a possible recovery step, power cycle the modem.
  4. If the problem still persists, contact Palo Alto Networks Support.
NETWORK_DIRECTPRIVATE_DOWN (Branch sites only)
  1. Check if there are any interface down alarms on the interfaces connecting to private WAN routing devices. Follow interface troubleshooting and alarm clearance procedures for that interface.
  2. Check if local network endpoints connected to the affected ION device are reachable by pinging the interface through which the private WAN traffic is supposed to traverse.
  3. For a remote office, check for PEERING_EDGE_DOWN or PEERING_CORE_DOWN alarms on all data center sites.
  4. Check if connectivity between the remote office and the data center exists by pinging the private WAN interface(s) from the affected site. From a branch site, choose one data center to ping to.
  5. If the problem still persists, contact Palo Alto Networks Support.
NETWORK_POLICY_RULE_CONFLICT
Update the two conflicting policy rules identified or remove one of the rules to ensure that there is no conflict.
NETWORK_POLICY_RULE_DROPPED
Update the identified policy rule to remove some applications or remove some source and destination prefixes in the rule.
NETWORK_PRIVATEWAN_DEGRADED (DC Sites only)
  1. Verify that the prefixes configured on the remote site are correct.
  2. Verify that the BGP configuration on the WAN edge router is such that routes sent to the Palo Alto Networks data center device are received from the provider without any summarization.
NETWORK_PRIVATEWAN_UNREACHABLE (DC Sites only)
  1. Check if there are any interface down alarms on the interfaces connecting to private WAN routing devices. Follow interface troubleshooting and alarm clearance procedures for that interface.
  2. Check if local network endpoints connected to the affected ION device are reachable by pinging the interface through which the private WAN traffic is supposed to traverse.
  3. For a data center site, check for PEERING_EDGE_DOWN alarms. Follow PEERING_EDGE_DOWN troubleshooting and alarm clearance steps.
  4. Check if connectivity between the remote office and the data center exists by pinging the private WAN interface(s) from the affected site. From a data center site, choose one or more remote office sites to ping to.
  5. If the problem still persists, contact Palo Alto Networks Support.
PEERING_BGP_DOWN
  1. Check if there are any interface down faults on the interfaces connecting to peer routing devices. Follow interface troubleshooting and fault clearance procedures for that interface.
  2. Check if local network endpoints connected to the affected ION device are reachable with a ping operation over the interface through which traffic to the peer routing device is supposed to traverse.
  3. Check and validate configuration on the peer routing device and check for interface and routing faults.
  4. If none of the choices apply, please open a case with Palo Alto Networks Support.
PRIORITY_POLICY_RULE_CONFLICT
Update the two conflicting policy rules identified or remove one of the rules to ensure that there is no conflict.
PRIORITY_POLICY_RULE_DROPPED
Update the identified policy rule to remove some applications or remove some source and destination prefixes in the rule.
SITE_CIRCUIT_ABSENT_FOR_POLICY
Assign the labels that have been reported in the alarm as missing to the site WAN interface at the site.
SPOKEHA_CLUSTER_DEGRADED
Check the spoke cluster switch over event history to find out the device for which the effective priority has become zero. If so, then check:
  • If any of the tracked interfaces of the device are down.
  • If any of the system services for the device are down.
SPOKEHA_CLUSTER_DOWN
Check the spoke cluster switch over event history to find out the device for which the effective priority has become zero. If so, then check:
  • If any of the tracked interfaces of the device are down.
  • If any of the system services for the device are down.
SPOKEHA_MULTIPLE_ACTIVE_DEVICES
  1. Check the operational state of the interfaces that are specified as the source interface for cluster operation to find out if they are up.
  2. If the interfaces on both devices are up, check the switch configurations to confirm the interfaces are in the same VLAN.
  3. Ping the IP address on the interface on one of the devices from the other device to confirm the connectivity between the devices.
SPOKEHA_STATE_UPDATE
If the device has become a backup device, check the device configuration, and alarms or alerts to find out:
  • If a failure condition caused the device to become a backup.
  • If another device with a higher priority became active in the cluster.
  • If the device configuration was updated to disable the device.
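
The address checks called for under DEVICEIF_ADDRESS_DUPLICATE (static IP inside a DHCP-allocated range) and DEVICESW_DHCPSERVER_ERRORS step 4 (subnet overlap across the site) can be run offline against an exported address plan. The script below is an added example, not Palo Alto Networks code; the scope names, subnets, ranges and the dictionary layout are constructed assumptions, not a Prisma SD-WAN export format.

```python
import ipaddress
from itertools import combinations

# Constructed sample data for one site (illustrative values only).
DHCP_SCOPES = [
    {"name": "lan-data", "subnet": "10.10.0.0/23",
     "start": "10.10.0.50", "end": "10.10.1.200"},
    {"name": "lan-voice", "subnet": "10.10.1.0/24",
     "start": "10.10.1.10", "end": "10.10.1.99"},
    {"name": "guest", "subnet": "192.168.50.0/24",
     "start": "192.168.50.20", "end": "192.168.50.250"},
]
STATIC_IPS = {"ion-port1": "10.10.0.1", "printer": "10.10.1.150",
              "ap-guest": "192.168.50.5"}

def overlapping_subnets(scopes):
    """Return pairs of scope names whose subnets overlap."""
    nets = [(s["name"], ipaddress.ip_network(s["subnet"])) for s in scopes]
    return sorted((a, b) for (a, na), (b, nb) in combinations(nets, 2)
                  if na.overlaps(nb))

def invalid_ranges(scopes):
    """Return scope names whose lease range is reversed or leaves the subnet."""
    bad = []
    for s in scopes:
        net = ipaddress.ip_network(s["subnet"])
        lo = ipaddress.ip_address(s["start"])
        hi = ipaddress.ip_address(s["end"])
        if lo > hi or lo not in net or hi not in net:
            bad.append(s["name"])
    return bad

def statics_in_dhcp_range(statics, scopes):
    """Return {host: [scope names]} for static IPs inside a lease range."""
    hits = {}
    for host, ip in statics.items():
        addr = ipaddress.ip_address(ip)
        names = [s["name"] for s in scopes
                 if ipaddress.ip_address(s["start"]) <= addr
                 <= ipaddress.ip_address(s["end"])]
        if names:
            hits[host] = names
    return hits

if __name__ == "__main__":
    print("overlapping subnets:", overlapping_subnets(DHCP_SCOPES))
    print("invalid ranges:", invalid_ranges(DHCP_SCOPES))
    print("statics in DHCP ranges:", statics_in_dhcp_range(STATIC_IPS, DHCP_SCOPES))
```

In the sample data the /23 and /24 scopes overlap and the printer's static address sits inside the lan-data lease range, which are the two conditions the alarm steps ask you to rule out.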
