This device and several others were running 8.0.5 when this issue appeared, and have since upgraded to 8.0.6 in hopes of it being some kind of related bug, but no joy. At that point the other firewalls that are configured with Panorama as a User-ID agent would learn the GP mappings via Panorama, assuming those firewalls have Panorama assigned as a User-ID agent in. Never had an issue connecting other devices to this Panorama, and indeed several other devices are connected without any issue. The GP firewall would need to be enabled to redistribute, and Panorama would need to be configured to learn from the GP firewall as a User-ID agent. It's a very strange but very persistent issue. It seems to me that this rules out an SSL problem, because we're not even completing a basic handshake. Panorama server sends SYN ACK back to firewall. It can be deployed as a dedicated appliance, or as a virtualized instance in AWS, Azure and Google Cloud. My first thought was some kind of certificate issue.

But through a few packet captures, it seems the following is happening -

Firewall sends SYN to Panorama server on that port they use (3978). As a reminder, Panorama provides centralized management of our next generation firewalls. Multiple attempts to reconnect have happened since, but none were successful. Wondering if anyone here has ever seen anything similar.

Back last Tuesday, one of my firewalls disconnected from Panorama. I've opened a call with PA about this, and managed to stump the first two engineers on the call.