Free Health Alerts

The following table lists the free alerts related to the health of your platform that AIOps for NGFW or Strata Cloud Manager can raise.
A Premium license is not required for AIOps for NGFW or Strata Cloud Manager to raise these alerts.
Alert
Description
Card Failure: Card heartbeat failure - Max restarts attempted
(Free alert)
This alert triggers when the error "Card heartbeat failure - Max restarts attempted" is detected in one of the line cards in the chassis, indicating a software or hardware issue that has caused the card to enter a failure state.
Class: Health
Category: Hardware
Log Loss due to Log Forwarding Failure
(Free alert)
The firewall attempts to reliably forward logs to Panorama, log collectors, or the Strata Logging Service. When a forwarded log is successfully received, the firewall will receive an acknowledgment from these destinations. This alert is triggered when the firewall’s ability to track the unacknowledged logs is at capacity. A backlog of too many unacknowledged logs results in log loss.
Class: Health
Category: Logging
SAML message from IdP has no Assertion
(Free alert)
When the user attempts to log in to GlobalProtect, the Captive Portal, or the Admin UI, if using an Identity Provider (IdP), the IdP sends a SAML Assertion to the PAN-OS device’s Assertion Consumer Service (ACS) URL. Even if the authentication with the IdP is successful, the PAN-OS device must still validate the SAML Assertion for successful authentication. This alert is triggered when, during the transmission of the SAML assertion to the PAN-OS device, one of two potential points of failure occurs: 1. The SAML assertion may be encrypted, which PAN-OS does not support, preventing successful assertion processing. 2. The IdP may fail to transmit the SAML assertion due to misconfiguration. This alert automatically clears if no failures are noticed for 24 hours since the detection of the last failure.
Class: Health
Category: Account Monitoring and Control
ACC Query Failure
(Free alert)
This alert detects if the Application Command Center (ACC) query has failed.
Class: Health
Category: Logging
Advanced Routing Engine: NGFW Sent BGP Routes Beyond the Capacity of Its Peer
(Free alert)
This alert is triggered when this NGFW's BGP peer notifies it that its maximum prefix capacity has been exceeded.
Class: Health
Category: Traffic
Approaching Max Capacity - EDL Custom Lists
(Free alert)
The number of EDL Custom List objects is approaching the maximum capacity the firewall can support.
Class: Health
Category: Capacity
Approaching Max Capacity - URLs or IPs within EDLs
(Free alert)
The number of URLs, IPs, or Domains within the configured EDL(s) used in policy on this firewall is approaching the maximum capacity that the firewall can support.
Class: Health
Category: Resource limits
Approaching Max Tunnel Throughput
(Free alert)
The IPsec VPN tunnel usage is close to maximum.
Class: Health
Category: Site-to-Site VPN
BGP Peering Issue Due to Error Subcode = Administrative Reset (4)
(Free alert)
This alert is triggered when a BGP speaker decides to reset the peering with a neighbor administratively. In such cases, the speaker SHOULD send a NOTIFICATION message with the Error Code "Cease" (6) and the Error Subcode "Administrative Reset" (4). Common reasons for a BGP administrative reset include: 1. A configuration change to BGP parameters on one of the peers, e.g., a loss of connectivity due to a cut cable or failed link, the blocking of TCP port 179, which is used by BGP, or misconfiguration of the IGP or the static routing that establishes connectivity between the two peers. 2. Loss of connectivity between BGP peers: changing BGP routing policies, router IDs, or IP addresses of particular interfaces/peers may cause an immediate reset. 3. Misconfiguration of the BGP peering parameters, e.g., an administrator performs a manual BGP reset for any newly configured or modified routing policies to take effect.
Class: Health
Category: Traffic
BGP Peering Issue Due to Error Subcode = Administrative Shutdown (2)
(Free alert)
This alert is triggered when a BGP notification message with the Administrative Shutdown code is sent by the neighbor to the NGFW, indicating that the neighbor has initiated a termination of the BGP peering. Refer to RFC 8203 (https://datatracker.ietf.org/doc/html/rfc8203) regarding BGP's Error Subcode = Administrative Shutdown (2). If a BGP speaker decides to terminate its session with a BGP neighbor and sends a NOTIFICATION message with the Error Code 'Cease' and Error Subcode 'Administrative Shutdown' or 'Administrative Reset' [RFC4486], it MAY include a UTF-8 encoded string. The contents of the string are at the operator's discretion.
Class: Health
Category: Traffic
BGP Peering Issue Due to Error Subcode = Connection Rejected (5)
(Free alert)
This alert is triggered when the system receives a BGP connection (OPEN) message from a peer that is not configured locally. The alert identifies this issue using Error Code = Cease (6) and Error Subcode = Connection Rejected (5).
Class: Health
Category: Traffic
BGP peering issue due to Error subcode = Peer De-configured (3)
(Free alert)
This alert detects if a BGP speaker decides to de-configure the peer. The relevance of this alert is to determine which peer has initiated the de-configuration. As per the BGP RFC (https://datatracker.ietf.org/doc/html/rfc4486): "If a BGP speaker decides to de-configure a peer, then the speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode 'Peer De-configured'."
Class: Health
Category: Traffic
BGP peering issue due to Error subcode = Bad Peer AS (2)
(Free alert)
This alert is triggered when the NGFW's BGP AS information doesn't match its peer's AS information. In a standard BGP peering configuration, both peers must agree on the local AS number and the peer's AS number, and this should hold true in both directions. However, more complex BGP setups, such as Cisco's dual-AS configuration (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-sy/irg-15-sy-book/irg-dual-as.pdf) or BGP peering between a 4-byte ASN device and a 2-byte ASN device (discussed here - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004LXFCA2), can present challenges for users configuring basic BGP peering.
Class: Health
Category: Traffic
BGP-peer dropping due to missing keepalives
(Free alert)
This alert is triggered when one peer fails to receive keepalive messages from its peer. These messages are exchanged periodically to confirm the connection is still active. Without them, the BGP speaker cannot verify the connection's status and drops the peering session.
Class: Health
Category: Traffic
Card Failure: Path monitor failure - Max restarts attempted
(Free alert)
This alert triggers when the error "Path monitor failure - Max restarts attempted" is detected in one of the line cards in the chassis, indicating a software or hardware issue that has caused the card to enter a failure state.
Class: Health
Category: Hardware
Card Power Failure
(Free alert)
A card failure has been detected, suggesting a potential issue with the card or its seating within the chassis.
Class: Health
Category: Hardware
Card Stuck in Starting State
(Free alert)
This alert detects if a card is stuck in "Starting" state.
Class: Health
Category: Hardware
Card failure with reason "Slot runtime software failure - Max restarts attempted"
(Free alert)
This alert triggers when the error "Slot runtime software failure - Max restarts attempted" is detected in one of the line cards in the chassis, indicating a software or hardware issue that has caused the card to enter a failure state.
Class: Health
Category: Hardware
Config Memory Usage Approaching Max Limits
(Free alert)
The firewall's configuration is approaching its maximum memory usage limit. During commits, the firewall's total config memory must accommodate two copies: the current 'in-use' configuration and the new 'to-be-used' configuration. If the allocated memory per configuration exceeds 50%, the firewall reaches capacity, resulting in commit failure.
Class: Health
Category: Resource limits
Configuration size reaching device recommended limit
(Free alert)
The configuration size of this device has reached its recommended limit.
Class: Health
Category: Resource limits
Connection Failure to LDAP Server
(Free alert)
This alert indicates a connection failure between the firewall or Panorama and the LDAP server.
Class: Health
Category: Logging
DHCP Client IPv4 address Assignment Failure
(Free alert)
This alert is triggered when a firewall’s dataplane interface configured as an IPv4 DHCP client either fails to obtain an IP address or has lost its assigned IP address.
Class: Health
Category: Traffic
DP Restart - Heartbeat Failure due to Internal Link Down
(Free alert)
This alert triggers when evidence of the issue PAN-160633 is detected on a PA-3200 or PA-5200 device.
Class: Health
Category: PAN-OS and Subscriptions
Degraded System Drive
(Free alert)
A degraded system drive has been identified by monitoring its attribute values.
Class: Health
Category: Hardware
Delayed Telemetry
(Free alert)
The analytics engines have no new telemetry from this NGFW/Panorama.
Class: Health
Category: Telemetry
Dropping Logs - Log Forwarding Queue Failure
(Free alert)
This alert is triggered when a firewall or Panorama's internal log forwarding queue becomes full and starts dropping logs while trying to forward them to an external log destination like a Syslog server or HTTP server. This can occur even if there are no connectivity issues between the firewall or Panorama and the external log server.
Class: Health
Category: Logging
Duplicate IP address detected on an interface
(Free alert)
This alert is triggered when a duplicate IP address is detected. The firewall's configuration can cause IP address conflicts on the network if any of the following conditions apply: 1. One of the firewall's interfaces has the same IP address. 2. A static Source Network Address Translation (SNAT) address is assigned that conflicts. 3. A static Destination Network Address Translation (DNAT) address is assigned that conflicts. 4. An IP address from a configured SNAT pool overlaps an existing subnet. This alert automatically clears if no new errors are noticed for 24 hours since the detection of the duplicate IP address.
Class: Health
Category: Traffic
Empty Tunnel
(Free alert)
The IPsec VPN tunnel has no traffic in either the ingress or the egress direction.
Class: Health
Category: Site-to-Site VPN
Error - Heartbeat Failed Previously
(Free alert)
This alert triggers when the "****Heartbeats failed previously" error is seen in the firewall.
Class: Health
Category: Logging
FE100 Failure
(Free alert)
A calibration error has been detected on the FE100 chip in the firewall. This issue usually indicates a hardware failure.
Class: Health
Category: Hardware
Failed exporting config bundle via ssh
(Free alert)
This alert is triggered in the following situation. When Panorama is used as a client to SSH into a remote system (e.g., when using SCP to copy files over), it keeps a record of the public certificate of the remote system with the corresponding IP address. When the remote system's certificate has changed, perhaps due to a transition from a self-signed certificate to a public-signed certificate, or the generation of a new certificate and key pair, the old SSH certificate stored in Panorama needs to be deleted. This alert will clear automatically if the host key verification failure is not detected for 24 hours since the last time it was noticed.
Class: Health
Category: Certificates
Fan Issues
(Free alert)
A fan or fan tray triggered an alarm on the device.
Class: Health
Category: Hardware
Fatal Machine Check Failure
(Free alert)
A fatal machine check failure was detected. This issue usually indicates a hardware failure in the CPU.
Class: Health
Category: Hardware
Firewall Disconnected from Panorama
(Free alert)
The connection between the firewall and Panorama has been lost.
Class: Health
Category: System state
GRE tunnel is down - Tunnel Monitoring Failure
(Free alert)
This alert is triggered when a Generic Routing Encapsulation (GRE) tunnel on the firewall has gone down due to tunnel monitoring failure. The GRE tunnel is no longer operational, disrupting the encapsulated traffic flow between the connected networks.
Class: Health
Category: Traffic
GRE tunnel is down - recursive routing
(Free alert)
This alert is triggered when a Generic Routing Encapsulation (GRE) tunnel on the firewall has gone down due to recursive routing. The GRE tunnel is no longer operational, disrupting the encapsulated traffic flow between the connected networks.
Class: Health
Category: Traffic
HA Backup
(Free alert)
The HA Backup link(s) are not currently configured.
Class: Health
Category: High-Availability
HA Peer Connection Status
(Free alert)
One of the firewalls in the HA pair is in a non-healthy state.
Class: Health
Category: High-Availability
HA pair - Oversubscription of resources
(Free alert)
The active/active HA pair is exceeding 100% resource usage.
Class: Health
Category: High-Availability
HW failure - DIMM Error
(Free alert)
A Dual In-Line Memory Module (DIMM) is a hardware component responsible for storing and accessing data in the firewall's random access memory (RAM). This memory module plays a critical role in the firewall's performance, facilitating rapid processing of network traffic and execution of security tasks. An error related to this component typically indicates a memory failure, where processes encounter issues reaching the specific memory location.
Class: Health
Category: Hardware
High Dataplane Processing Latency
(Free alert)
This alert is triggered when the dataplane processing latency on the firewall exceeds the predefined threshold. Dataplane processing latency refers to the time taken by the firewall to process network traffic and make forwarding decisions.
Class: Health
Category: Resource limits
High Disk Space Usage - Pancfg partition
(Free alert)
The hard disk partition is nearing or at capacity. System performance and functionality may be negatively affected.
Class: Health
Category: Resource limits
High Disk Space Usage - Panlogs partition
(Free alert)
The hard disk partition is nearing or at capacity.
Class: Health
Category: Resource limits
High Disk Space Usage - Root partition
(Free alert)
The hard disk partition is nearing or at capacity.
Class: Health
Category: Resource limits
High Disk Space Usage - Shared memory partition
(Free alert)
This alert is triggered if the shared memory (/dev/shm) disk partition is full on a firewall. The /dev/shm is a temporary filesystem used for shared memory in Linux systems.
Class: Health
Category: Capacity
High Processing Activity
(Free alert)
One or more computing resources are running low on the device. System performance and functionality may be negatively affected.
Class: Health
Category: Resource limits
Hot-Plug event detected
(Free alert)
Hot-Plug events on the interface will result in a complete traffic outage on those interfaces.
Class: Health
Category: Logging
IKEv1 IPsec Tunnel Down - IKE Crypto Profile Configuration mismatch
(Free alert)
This alert is triggered when the IKEv1 IPsec tunnel is down due to an IKE Crypto Profile configuration mismatch. This configuration is crucial for ensuring the secure negotiation of cryptographic parameters necessary for establishing and maintaining a secure IPsec VPN connection. A discrepancy in the IKE Crypto Profile configuration between the local and remote ends can lead to the failure to establish or maintain phase 1 of the tunnel.
Class: Health
Category: Traffic
IKEv1 IPsec Tunnel Down - IPsec Crypto Profile Configuration mismatch
(Free alert)
This alert is triggered when the IKEv1 IPsec tunnel is down due to an IPsec Crypto Profile configuration mismatch, which is vital for establishing secure communication between peers in an IPsec VPN connection.
Class: Health
Category: Traffic
IKEv1 IPsec Tunnel Down - Peer Identification Mismatch
(Free alert)
This alert triggers when the IKEv1 IPsec tunnel is down due to a Peer Identification mismatch, which is vital for establishing secure communication between peers in an IPsec VPN connection; a discrepancy in Peer Identification between the local and remote ends can prevent the tunnel from establishing or maintaining a connection.
Class: Health
Category: Site-to-Site VPN
IKEv2 IPsec Tunnel Down - IPsec Crypto Profile configuration mismatch
(Free alert)
This alert triggers when the IKEv2 IPsec tunnel is down due to an IPsec Crypto Profile configuration mismatch, which is vital for establishing secure communication between peers in an IPsec VPN connection. A discrepancy in the IPsec Crypto Profile configuration between the local and remote ends can lead to the failure of the Child SA negotiation, thereby preventing the establishment or maintenance of phase 2 of the tunnel.
Class: Health
Category: Site-to-Site VPN
IKEv2 IPsec Tunnel Down - Peer Identification Mismatch
(Free alert)
This alert triggers when the IKEv2 IPsec tunnel is down due to a Peer Identification mismatch, which is vital for establishing secure communication between peers in an IPsec VPN connection. Any discrepancy in Peer Identification between the local and remote ends can prevent the tunnel from establishing or maintaining a connection.
Class: Health
Category: Site-to-Site VPN
IPQ Error
(Free alert)
An IPQ (Ingress Packet Queue) error has been detected on one of the FE100 chips in the firewall. This error usually indicates a reseat is needed, or there is a hardware failure.
Class: Health
Category: Hardware
Incompatible SFP Media Type
(Free alert)
This alert triggers when the error "SFP Ports Doesn't Support this media type" is found in the device, indicating an incompatible or faulty SFP or cable is inserted.
Class: Health
Category: Hardware
Incorrect Port Speed Configured - PA-850
(Free alert)
This alert triggers when a PA-850 has an incorrect port speed configured for the installed SFP type.
Class: Health
Category: Traffic
Inter Log Collector Disconnection
(Free alert)
This alert triggers when one of the Panoramas in Panorama mode or Log Collector mode becomes disconnected from the Collector Group. The Collector Group provides a centralized repository for NGFWs to forward logs such as system, config, traffic, and threat logs. Additionally, it supports reporting and querying functionalities.
Class: Health
Category: Logging
Irregular Input Power
(Free alert)
Device power levels are outside of the normal range.
Class: Health
Category: Hardware
License Expiration
(Free alert)
One or more of your licenses are nearing or have reached expiration.
Class: Health
Category: PAN-OS and Subscriptions
Logging Drive Failure
(Free alert)
A failed logging drive has been identified through the monitoring of the firewall's disk status.
Class: Health
Category: Hardware
Logrcvr Out-of-Memory - LFC Log Loss Recovery Mechanism
(Free alert)
This alert indicates that a connection to the Log Collector, Panorama or Strata Logging Service is unstable, causing increased memory usage for the LFC log loss recovery hint mechanism.
Class: Health
Category: Logging
Logrcvr Out-of-Memory - LFC Memory Retention Due to Kernel Failure
(Free alert)
This alert indicates that a kernel failure caused memory retention on the Log Forwarding Card (LFC) due to connection flaps with Panorama while forwarding logs.
Class: Health
Category: Logging
MPC Card - CPLD Failure
(Free alert)
The Management Processor Card (MPC) is an essential component for the PA-5450, providing management, logging, and high availability functions. The MPC card has experienced a failure due to an issue with its component, the Complex Programmable Logic Device (CPLD).
Class: Health
Category: Hardware
NGFW received BGP Routes beyond the configured max Prefixes
(Free alert)
This alert is triggered when this NGFW's BGP peer advertises more routes than the NGFW can handle based on its configured max prefixes capacity.
Class: Health
Category: Traffic
NGFW/Panorama Management Certificate Expiration
(Free alert)
This alert detects the expiration of the NGFW/Panorama Management Certificate.
Class: Health
Category: Certificates
NPC Card - FE100 Failure
(Free alert)
Network Processing Cards (NPCs) provide network connectivity and are essential for network traffic processing. An NPC card has experienced an issue with its FE100 component, leading to its failure.
Class: Health
Category: Hardware
Non-default Logging level
(Free alert)
This alert is triggered when the logging level of a service is not set to its default configuration. This alert ensures that services consistently maintain their designated logging settings.
Class: Health
Category: Resource limits
Out of Sync Peers - Configuration
(Free alert)
The system configurations on the high availability peers do not match.
Class: Health
Category: High-Availability
Out of Sync Peers - Dynamic Content
(Free alert)
Dynamic content, such as Antivirus or Applications and Threats, does not match between the high availability peers.
Class: Health
Category: High-Availability
Out of Sync Peers - Sessions
(Free alert)
Sessions do not match or are not up to date between the high availability peers.
Class: Health
Category: High-Availability
Out of Sync Peers - Software
(Free alert)
The PAN-OS software versions on the high availability peers do not match.
Class: Health
Category: High-Availability
Outdated Dynamic Content
(Free alert)
The dynamic content installed on the device is stale when compared to the content that is available on the update server.
Class: Health
Category: Dynamic content
PA-5450 NC card - FE100 Failure
(Free alert)
Networking Cards (NCs) provide network connectivity and are essential for network traffic processing. An NC card has experienced an issue with its FE100 component, which triggers its internal link fault, causing path monitoring failure on the Dataplane Processing Card (DPC).
Class: Health
Category: Hardware
PAN-OS End-of-Life
(Free alert)
Your current version of PAN-OS is no longer supported.
Class: Health
Category: PAN-OS and Subscriptions
PAN-OS Known Vulnerability
(Free alert)
Your current version of PAN-OS has known vulnerabilities.
Class: Health
Category: PAN-OS and Subscriptions
PAN-OS Root and Default Certificate Expiration - Scenario 1
(Free alert)
The root certificate and the default certificate on the firewall expired.
Class: Health
Category: Certificates
PAN-OS Root and Default Certificate Expiration - Scenario 2
(Free alert)
The root certificate and the default certificate on the firewall expired.
Class: Health
Category: Certificates
PAN-OS integrated User-ID Agent Monitored Server Disconnected
(Free alert)
This alert is triggered when the server, monitored by the PAN-OS integrated User-ID Agent (Agentless User-ID), loses connection with the firewall. This monitored server is a critical component for mapping user identities to network activities.
Class: Health
Category: Hardware
PCI Error
(Free alert)
A Peripheral Component Interconnect (PCI) is responsible for connecting the Management Plane (MP) to the Control Plane (CP). A certain error related to this component indicates a failure in its functionality.
Class: Health
Category: Hardware
Panorama/Log Collector Disconnected from Collector Group [AIOps-Alerts-Logging]
(Free alert)
This alert triggers when the IP address of Panorama or the Log Collector changes, causing the ring file's configuration to remain linked to the old IP address. As a result, Panorama or the Log Collector disconnects from the Collector Group, preventing NGFWs from sending their logs to Panorama or the Log Collector.
Class: Health
Category: Logging
Path Monitor Failure - Card
(Free alert)
A path monitoring failure has been detected on a card located within the firewall's slots.
Class: Health
Category: Hardware
Policy Config Memory Usage Approaching Max Limits
(Free alert)
This alert detects if the policy config memory usage exceeds a critical threshold.
Class: Health
Category: Resource limits
Port Failure
(Free alert)
A failure related to the management physical port or one of the high-availability physical ports has been detected.
Class: Health
Category: Hardware
Process Memory Depletion - Configd
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Process Memory Depletion - Device Server
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Process Memory Depletion - Log Receiver
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Process Memory Depletion - Management Server
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Process Memory Depletion - Report
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Process Memory Depletion - User Id
(Free alert)
The device’s management plane processes are depleting its available memory.
Class: Health
Category: Resource limits
Reduced Tunnel Throughput
(Free alert)
The IPsec VPN tunnel usage is below normal usage.
Class: Health
Category: Site-to-Site VPN
Redundant Power Supply Failure
(Free alert)
Power supply redundancy is not attained, either because a power supply hasn't been inserted, the power supply has malfunctioned, or complete redundancy hasn't been accomplished.
Class: Health
Category: Hardware
SAML SSO authentication failed for User
(Free alert)
When the Authentication Profile filters specific groups for GlobalProtect or Captive Portal users, or both, authentication failures may occur. Even if users seem to belong to the group listed in the allow list, they still encounter the "user not in allow list" message. Changing the allow list to include "all" groups rather than specific ones enables successful user authentication.
Class: Health
Category: Logging
SCP Scheduled Log Export Failure
(Free alert)
This alert detects if the SCP scheduled log export has failed.
Class: Health
Category: Logging
Session Failure
(Free alert)
Sessions can fail in the firewall, which can result in the increment of various global counters. These global counters indicate the reason that a traffic session failed.
Class: Health
Category: Traffic
Slow Panorama Performance - Long Execution of 'show config candidate' operation
(Free alert)
This alert is triggered when the operation 'show config candidate' takes longer than expected. This alert will clear automatically if the slow operation 'show config candidate' is not detected for 3 days since the last time it was noticed.
Class: Health
Category: System State
Slow Panorama Performance - Long Execution of Push Scope Operation
(Free alert)
This alert is triggered when the admin tries to push changes and the Panorama takes too long to display the push scope UI. This alert will clear automatically if the slow push-scope operation is not detected for 3 days since the last time it was noticed.
Class: Health
Category: System State
Slow Panorama Performance - Long Execution of Save, Load, or Revert config operation
(Free alert)
This alert is triggered when the Save, Load, or Revert config operations take longer than expected. This alert will clear automatically if the slow operations like Save, Load or Revert are not detected for 3 days since the last time it was noticed.
Class: Health
Category: System State
System Drive or Connector fault
(Free alert)
This alert indicates that the device has experienced a hardware failure in either the drive or the drive connector.
Class: Health
Category: Hardware
Terminal Server agent Self-signed Certificate Expiration
(Free alert)
This alert detects the expiration of the Terminal Server agent self-signed certificate on November 18, 2024.
Class: Health
Category: Certificates
Thermal Issues
(Free alert)
Device temperature is outside of the normal range.
Class: Health
Category: Hardware
Traffic Latency - Packet Descriptors (on-chip)
(Free alert)
Packet Descriptor (on-chip) resources are running low on the device.
Class: Health
Category: Flood/DoS
Transceiver or SFP Port - Failed to Write Value
(Free alert)
This alert triggers when the error "Failed to write value 0x from byte 0 to offset" is found in the device, usually indicating a faulty transceiver, cable, or SFP port in the device.
Class: Health
Category: Hardware
Unidirectional Tunnel Traffic
(Free alert)
The IPsec VPN tunnel has unidirectional traffic.
Class: Health
Category: Site-to-Site VPN
Unofficial URL for Application Database
(Free alert)
This alert triggers when the firewall's dynamic content update for the Application Database uses an unofficial URL to download the update. Administrators may use QA servers for troubleshooting dynamic update downloads, sometimes without realizing these are test servers. After successful testing, they may forget to reset the firewall to the correct URL for downloading updates.
Class: Health
Category: Dynamic Content
Unofficial URL for Cloud Services
(Free alert)
This alert triggers when the firewall's dynamic content update for the Cloud Services uses an unofficial URL to download the update. Administrators may use QA servers for troubleshooting dynamic update downloads, sometimes without realizing these are test servers. After successful testing, they may forget to reset the firewall to the correct URL for downloading updates.
Class: Health
Category: Dynamic Content
Unofficial URL for PAN-DB URL Filtering | Advanced URL Filtering
(Free alert)
This alert triggers when the firewall's dynamic content update for the PAN-DB URL Filtering | Advanced URL Filtering uses an unofficial URL to download the update. Administrators may use QA servers for troubleshooting dynamic update downloads, sometimes without realizing these are test servers. After successful testing, they may forget to reset the firewall to the correct URL for downloading updates.
Class: Health
Category: Dynamic Content
Unofficial URL for WildFire | Advanced WildFire
(Free alert)
This alert triggers when the firewall's dynamic content update for WildFire | Advanced WildFire uses an unofficial URL to download the update. Administrators may use QA servers for troubleshooting dynamic update downloads, sometimes without realizing these are test servers. After successful testing, they may forget to reset the firewall to the correct URL for downloading updates.
Class: Health
Category: Dynamic Content
Unsupported Transceiver Used
(Free alert)
This alert is raised if the part number for any transceiver (SFP, SFP+, QSFP, QSFP+), within a single device, is incompatible with the specifications supported by Palo Alto Networks.
Class: Health
Category: Hardware
User authentication unsuccessful - received out-of-band SAML message
(Free alert)
When the user attempts to log in to GlobalProtect, the Captive Portal, or the Admin UI, if using an Identity Provider (IdP), the IdP sends a SAML Assertion to the PAN-OS device’s Assertion Consumer Service (ACS) URL. Even if the authentication with the IdP is successful, the PAN-OS device must still validate the SAML Assertion to successfully validate the authentication. This alert is triggered when the PAN-OS device is not expecting a SAML Assertion but receives one, indicating some user’s login attempt was unsuccessful.
Class: Health
Category: Account Monitoring and Control
User authentication unsuccessful - “max_clock_skew” Error
(Free alert)
This alert indicates that the Security Assertion Markup Language (SAML) Identity Provider's authentication message encountered a "max_clock_skew" error due to time discrepancies between the Identity Provider (IdP) and the firewall/Panorama. This issue is often caused by out-of-sync local time or network latency.
Class: Health
Category: Account Monitoring and Control
User-ID agent Self-signed Certificate Expiration
(Free alert)
This alert detects the expiration of the User-ID agent self-signed certificate on November 18, 2024. The alert detects if a PAN-OS device has a User-ID policy configured, meets the PAN-OS version requirements per Table 1 of the advisory, and uses a self-signed certificate. It does not apply if custom certificates are in use or User-ID mappings are provided only by an NGFW that serves as a User-ID agent or from GlobalProtect agents.
Class: Health
Category: Certificates
Zone Protection profile - Flood Detection
(Free alert)
Connections established on the zone or the incoming packet rate are excessive or abnormal.
Class: Health
Category: Flood/DoS
Zone Protection profile - Threshold Recommendation
(Free alert)
A zone is missing a Zone Protection profile or the threshold values in a Zone Protection profile need adjustment.
Class: Health
Category: Flood/DoS