Troubleshoot Incidents
Table of Contents
Expand All
|
Collapse All
Prisma SD-WAN Docs
-
-
-
-
- AWS Transit Gateway
- Azure vWAN
- Azure vWAN with vION
- ChatBot for MS Teams
- ChatBot for Slack
- CloudBlades Integration with Prisma Access
- GCP NCC
- Service Now
- Zoom QSS
- Zscaler Internet Access
-
-
- ION 5.2
- ION 5.3
- ION 5.4
- ION 5.5
- ION 5.6
- ION 6.0
- ION 6.1
- ION 6.2
- ION 6.3
- ION 6.4
- New Features Guide
- On-Premises Controller
- Prisma Access CloudBlade Cloud Managed
- Prisma Access CloudBlade Panorama Managed
- Prisma SD-WAN CloudBlades
Troubleshoot Incidents
Follow the troubleshooting steps for resolving incidents generated in Prisma SD-WAN.
Prisma SD-WAN generates incidents and alerts when the system reaches
system-defined or customer-defined thresholds or there is a fault in the system. Use the
incident and alert event codes to view the
details of the incidents and alerts generated in the system.
Follow the troubleshooting steps for each incident in the order listed
below. Each step is intended to resolve the issue. Proceed to the next step only if the
previous step did not resolve the problem.
For each incident raised on the web interface, you can select
Troubleshoot to follow a step-by-step troubleshooting
procedure. If the issue persists, select Go to Support to create
a support ticket. A Palo Alto Networks Support executive will contact you. You can also
return the device to Palo Alto Networks.
Incident Code | Troubleshooting Steps |
---|---|
APPLICATION_CUSTOM_RULE_CONFLICT |
|
DEVICEHW_DISKENC_SYSTEM |
This event code was raised when one disk partition failed to convert
into an encrypted partition during the last device upgrade.
|
DEVICEHW_DISKUTIL_PARTITIONSPACE |
This event code is raised due to high disk capacity utilization. To
verify, follow the steps:
|
DEVICEHW_INTERFACE_ ERRORS |
This event code is raised due to a faulty cable, SFP, port, or patch
panel connection.
|
DEVICEHW_INTERFACE_HALFDUPLEX |
This event code is raised due to issues with port configuration and
cable. First, verify the cable connection and swap the cable.
Second, check the port and the remote end (auto or hard-coded). To
change the port configuration:
|
DEVICEHW_INTERFACE_DOWN | Interface down requires an assessment to see if the
incident is intentional or real.
|
DEVICEHW_MEMUTIL_SWAPSPACE |
To verify if High Memory Utilization is happening in real-time:
|
DEVICEHW_POWER_LOST | This event code is raised by an unplugged or a loose
power cable.
|
DEVICEIF_ADDRESS_DUPLICATE | If static IP address configuration is used, confirm that the IP address used is not explicitly assigned to another device or within a range already allocated by a DHCP server. |
DEVICESW_CONCURRENT_FLOWLIMIT_EXCEEDED |
To verify the concurrent flows:
|
DEVICESW_DHCPRELAY_ RESTART | Process stopped requires further investigation. Contact Palo Alto Networks Support. |
DEVICESW_DHCPSERVER_ERRORS |
|
DEVICESW_DHCPSERVER_RESTART | Process stopped requires further investigation. Contact Palo Alto Networks Support. |
DEVICESW_DISCONNECTED_FROM_CONTROLLER |
|
DEVICESW_FPS_LIMIT_ EXCEEDED |
|
DEVICESW_GENERAL_PROCESSRESTART | Process restart is an alert and does not require immediate action. If several process restart alerts repeat in a given hour or day, contact Palo Alto Networks Support. |
DEVICESW_GENERAL_PROCESSSTOP | Process stopped requires further investigation. Contact Palo Alto Networks Support. |
DEVICESW_IMAGE_INCOMPATIBLE |
|
DEVICESW_LICENSE_VERIFICATION_FAILED |
|
DEVICESW_MONITOR_DISABLED | System monitoring disabled requires further
investigation.
|
DEVICESW_NTP_NO_SYNC | Could not reached the configured NTP server. Contact Palo Alto Networks Support. |
DEVICESW_SNMP_AGENT_ RESTART | Process stopped requires further investigation. Contact Palo Alto Networks Support. |
DEVICESW_SYSTEM_BOOT | Device reboot is an alert and may need further
investigation.
|
DEVICESW_TOKEN_VERIFICATION_FAILED |
|
DEVICESW_CONNTRACK_FLOWLIMIT_EXCEEDED |
|
NAT_POLICY_LEGACY_ALG_CONFIG_OVERRIDE | Contact Palo Alto Networks Support to remove the legacy configuration from the device. |
NAT_POLICY_STATIC_NATPOOL_OVERRUN | Make sure that traffic selector has a 1:1 mapping for the converted NATPOOL range to CIDR. |
NETWORK_DIRECTINTERNET_DOWN (Branch sites only) |
|
NETWORK_DIRECTPRIVATE_DOWN (Branch sites only) |
|
NETWORK_POLICY_RULE_CONFLICT | Update the two conflicting policy rules identified or remove one of the rules to ensure that there is no conflict. |
NETWORK_POLICY_RULE_DROPPED | Update the identified policy rule to remove some applications or remove some source and destination prefixes in the rule. |
NETWORK_PRIVATEWAN_DEGRADED (DC Sites only) |
|
NETWORK_PRIVATEWAN_UNREACHABLE (DC Sites only) |
|
PEERING_BGP_DOWN |
|
PRIORITY_POLICY_RULE_CONFLICT | Update the two conflicting policy rules identified or remove one of the rules to ensure that there is no conflict. |
PRIORITY_POLICY_RULE_DROPPED | Update the identified policy rule to remove some applications or remove some source and destination prefixes in the rule. |
SITE_CIRCUIT_ABSENT_FOR_POLICY | Assign the labels that have been reported in the incident as missing to the site WAN interface at the site. |
SPOKEHA_CLUSTER_DEGRADED | Check the spoke cluster switch over event history to find
out the device for which the effective priority has become zero. If so,
then check:
|
SPOKEHA_CLUSTER_DOWN | Check the spoke cluster switch over event history to find
out the device for which the effective priority has become zero. If so,
then check:
|
SPOKEHA_MULTIPLE_ACTIVE_DEVICES |
|
SPOKEHA_STATE_UPDATE | If the device has become a backup device, check the
device configuration, and incidents or alerts to find out:
|