https://live.paloaltonetworks.com/t5/panorama-discussions/ngfw-panorama-registration-3978-traffic-allowed-but-rst/m-p/584500#M2297 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>I was trying to connect a new PA-440 spare device to our existing Panorama infrastructure, when i faced this weird issue as shown in the system logs.&nbsp;</P> <P>&nbsp;</P> <P>It's as if the TCP session starts and abruptly ends on port 3978 leading to a never ending loop of success and failure.&nbsp;</P> <P>&nbsp;</P> <P>The Panorama is natted behind a cisco so i went there to see what was going on and found these reiterating RST packets seemingly after each connection attempt from the PA-440 public ip.</P> <P>&nbsp;</P> <P>I am not sure why this is happening ? The CISCO rules don't seem to be at fault since the TCP session builds initially however the immediate RST that happens right after is unexplained ?&nbsp;</P> <P>&nbsp;</P> <P>The PA-440 is routed behind a 5G TP-Link Router which doesn't have a fixed IP, so i have to change the corresponding object in the cisco everytime but this is not a problem for now as is it intended as a lab environment for internal testing purposes.</P> <P>&nbsp;</P> <P>I'm suspecting something doesn't go well because of this router, but i'm not 100% sure, anyone encountered something like this before ?&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Little update 1 day later :</STRONG></P> <P>I can see the the session "established" and the traffic allowed but constantly reset on what i assume to be the peer side (cisco). Not sure why this could happen.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OELHANCHI_0-1713863049269.png" style="width: 986px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59224iE4EBC7F66D93E625/image-dimensions/986x54/is-moderation-mode/true?v=v2" width="986" height="54" role="button" title="OELHANCHI_0-1713863049269.png" alt="OELHANCHI_0-1713863049269.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OELHANCHI_1-1713863173974.png" style="width: 947px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59225i4FA9524ED22E8FAE/image-dimensions/947x207/is-moderation-mode/true?v=v2" width="947" height="207" role="button" title="OELHANCHI_1-1713863173974.png" alt="OELHANCHI_1-1713863173974.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> <P>&nbsp;</P> Tue, 23 Apr 2024 09:11:59 GMT O.ELHANCHI 2024-04-23T09:11:59Z https://live.paloaltonetworks.com/t5/panorama-discussions/ngfw-panorama-registration-3978-traffic-allowed-but-rst/m-p/584500#M2297 <P>Hi,&nbsp;</P> <P>&nbsp;</P> <P>I was trying to connect a new PA-440 spare device to our existing Panorama infrastructure, when i faced this weird issue as shown in the system logs.&nbsp;</P> <P>&nbsp;</P> <P>It's as if the TCP session starts and abruptly ends on port 3978 leading to a never ending loop of success and failure.&nbsp;</P> <P>&nbsp;</P> <P>The Panorama is natted behind a cisco so i went there to see what was going on and found these reiterating RST packets seemingly after each connection attempt from the PA-440 public ip.</P> <P>&nbsp;</P> <P>I am not sure why this is happening ? The CISCO rules don't seem to be at fault since the TCP session builds initially however the immediate RST that happens right after is unexplained ?&nbsp;</P> <P>&nbsp;</P> <P>The PA-440 is routed behind a 5G TP-Link Router which doesn't have a fixed IP, so i have to change the corresponding object in the cisco everytime but this is not a problem for now as is it intended as a lab environment for internal testing purposes.</P> <P>&nbsp;</P> <P>I'm suspecting something doesn't go well because of this router, but i'm not 100% sure, anyone encountered something like this before ?&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Little update 1 day later :</STRONG></P> <P>I can see the the session "established" and the traffic allowed but constantly reset on what i assume to be the peer side (cisco). Not sure why this could happen.&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OELHANCHI_0-1713863049269.png" style="width: 986px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59224iE4EBC7F66D93E625/image-dimensions/986x54/is-moderation-mode/true?v=v2" width="986" height="54" role="button" title="OELHANCHI_0-1713863049269.png" alt="OELHANCHI_0-1713863049269.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="OELHANCHI_1-1713863173974.png" style="width: 947px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/59225i4FA9524ED22E8FAE/image-dimensions/947x207/is-moderation-mode/true?v=v2" width="947" height="207" role="button" title="OELHANCHI_1-1713863173974.png" alt="OELHANCHI_1-1713863173974.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Thank you</P> <P>&nbsp;</P> Tue, 23 Apr 2024 09:11:59 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ngfw-panorama-registration-3978-traffic-allowed-but-rst/m-p/584500#M2297 O.ELHANCHI 2024-04-23T09:11:59Z https://live.paloaltonetworks.com/t5/panorama-discussions/ngfw-panorama-registration-3978-traffic-allowed-but-rst/m-p/585117#M2310 <P>Had the same issue on an other device during initial device installation phase, it was a different model (PA-220), but i was getting the same RST packets from the panorama side.&nbsp;</P> <P>&nbsp;</P> <P>The solution was to upgrade to the latest PAN-OS version, to get the recently updated root certificate. Pretty idiotic from me, trying to get a registration before the upgrade.</P> <P>&nbsp;</P> <P>I suppose the same step would solve it for this device, can't 100% confirm however as i don't have an available license for that model yet, but very likely.</P> Sat, 27 Apr 2024 14:37:05 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/ngfw-panorama-registration-3978-traffic-allowed-but-rst/m-p/585117#M2310 O.ELHANCHI 2024-04-27T14:37:05Z