Operational Defect Database

BugZero updated this defect 50 days ago.

Palo Alto Networks | PAN-160238

Fixed an issue where intermittent VXLAN packet drops occurred if the TCI was not configured for inspecting VXLAN traffic. This issue occurred when traffic was migrated from a firewall running a PAN-OS version earlier than PAN-OS 9.0 to a firewall running PAN-OS 9.0 or later.

Last update date:

5/23/2024

Affected products:

Pan OS

Affected releases:

10.1.9

10.1.4

10.1.14

Fixed releases:

10.1.7

9.1.10

Description:

The earliest recollection of this bug is traced back to PAN-OS 10.1.14 - May 23, 2024. This bug is fixed in PAN-OS versions 10.1.7, 9.1.10. Fixed an issue where intermittent VXLAN packet drops occurred if the TCI was not configured for inspecting VXLAN traffic. This issue occurred when traffic was migrated from a firewall running a PAN-OS version earlier than PAN-OS 9.0 to a firewall running PAN-OS 9.0 or later. If you migrate traffic from a firewall running a PAN-OS version earlier than 9.0 to a firewall running PAN-OS 9.0 or later, you experience intermittent VXLAN packet drops if TCI policy is not configured for inspecting VXLAN traffic flows. Workaround: On the new firewall, create an app override for VXLAN outer headers as described in What is an Application Override? and the video tutorial How to Configure an Application Override Policy on the Palo Alto Networks Firewall . PAN-OS version 9.0 can inspect both inner and outer VXLAN flows. If you want to inspect inner flows, you must define a tunnel content inspection (TCI) policy. For more information: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-14-known-and-addressed-issues/pan-os-10-1-14-known-issues https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-4-known-and-addressed-issues/pan-os-10-1-4-known-issues https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-7-known-and-addressed-issues/pan-os-10-1-7-addressed-issues https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-release-notes/pan-os-10-1-9-known-and-addressed-issues/pan-os-10-1-9-known-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues

Additional Resources / Links

Share:

BugZero® Risk Score

What's this?

Coming soon

Status

Addressed

Learn More

Search:

...