GRE tunnel heartbeats lost. Palo Alto Firewalls
11-19-2015 07:02 AM
I know this is a long shot, but I'm curious if anyone has Palo Alto firewalls in between their CAPs and Controllers? We've been seeing an uptick in the number of APs that bootstrap over to their backup LMS after losing heartbeats, and of course the clients get booted and the wifi reputation gets blasted. The issues seem to coincide with network migration to Palo Alto firewalls, but there's no indication of why or where the heartbeats are being lost. We've been running a bootstrap-threshold increase of 16 over the default 8, and I've bumped that up to 32 to help keep some APs from flopping over so often, but it's not a cure.
2015-11-19 08:46:53 Switching to LMS w.x.y.z: Missed heartbeats: Last Sequence Generated=60710 Sent=60710 Rcvd=60677. Last Ctrl message: BW_REPORT len=128 dest=w.x.y.z tries=5 seq=5124
2015-11-19 08:46:59 New connection, Changing to LMS (w.x.y.z) [cur_lms_index: 0, event: REDUN_EVENT_TUNNEL_UP, cur_state: REDUN_STATE_TUNNEL_LMS, function: redun_tunnel_up(5301)]
We're running CPSec because our Controllers were crashing due to checksum errors between APs and controllers, at the suggestion of TAC.
University of Delaware
Re: GRE tunnel heartbeats lost. Palo Alto Firewalls
11-19-2015 09:04 AM
Then check utilization on the firewall ports and make sure that those are not getting saturated and dropping packets.
Also suggest that you open a case with Palo Alto so they can take a deeper look at that traffic.
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA