Wireless Access

Frequent Contributor I

GRE tunnel heartbeats lost. Palo Alto Firewalls

I know this is a long shot, but I'm curious if anyone has palo alto firewalls inbetween their CAPs and Controllers?  We've been seeing an uptick in the number of APs that bootstrap over to their backup LMS after losing heartbeats, and of course the clients get booted and the wifi reputation gets blasted.  The issues seem to coincide with network migration to palo alto firewalls, but there's no indication of why or where the heartbeats are being lost.  We've been running a bootstrap-threashold increase of 16 over the default 8, and I've bumped that up to 32 to help keep some APs from flopping over so often but it's not a cure. 


2015-11-19 08:46:53 Switching to LMS w.x.y.z: Missed heartbeats: Last Sequence Generated=60710 Sent=60710 Rcvd=60677. Last Ctrl message: BW_REPORT len=128 dest=w.x.y.z tries=5 seq=5124
2015-11-19 08:46:59 New connection, Changing to LMS (w.x.y.z) [cur_lms_index: 0, event: REDUN_EVENT_TUNNEL_UP, cur_state: REDUN_STATE_TUNNEL_LMS, function: redun_tunnel_up(5301)]


We're running CPSec because our Controllers were crashing due to checksum errors between APs and controllers, at the suggestion of TAC.





Mike Davis
Network Engineer
University of Delaware
MVP Expert

Re: GRE tunnel heartbeats lost. Palo Alto Firewalls

You should start by looking at your Layer 1 path and make sure there's no issues there.

Then check utilization on the firewall ports and make sure that those are not getting saturated and dropping packets.

Also suggest that you open a case with Palo Alto so they can take deeper look at that traffic.
Thank you

Victor Fabian
Lead Mobility Architect @WEI
Search Airheads
Showing results for 
Search instead for 
Did you mean: