Saturday, August 18, 2018

PAN-OS 8.1.2 upgrade broke my OSPF (release notes says its fixed in PAN-OS 8.1.3)

Just a warning here, my upgrade to 8.1.2 (from 8.1.1) broke my internal OSPF peering on my pan. Looks like the peering now was going through the firewall and since i didnt have a default Trusted/Trusted allow rule in play the firewall passed it down to the deny all rule and it was blocked. Since i was trying to figure out why i wasnt getting traffic back i put a static route in the firewall back inside and it fixed it for the night.

The next day i finally noticed the 2000 any any deny's which is way above normal and looked and ill be damned that OSPF was being blocked. This apprently is addressed in the 8.1.3 upgrade looking at the release notes. Just a warning out there.



No comments:

Post a Comment