https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457643#M10 <P>Hi Pavel,</P> <P>&nbsp;</P> <P>Please see requested output below.</P> <P>Thanks,</P> <P>Ajit</P> <P>==</P> <P>ion toolkit# dump interface config controller <BR />Interface : controller <BR />Description : <BR />ID : 10 <BR />Type : port<BR />Admin State : up<BR />Alarms : enabled<BR />NetworkContextID: <BR />Scope : <BR />MTU : 1500<BR />IP : dhcp</P> <P>ion toolkit# dump controller status<BR />Controller Connection : Partially Connected<BR />Number of Active Connections : 1<BR />--------------------------------------------------------------------------------<BR />tcp 0 0 10.0.0.65:56041 52.8.25.40:443 ESTABLISHED<BR />--------------------------------------------------------------------------------<BR />ion toolkit#</P> Sat, 08 Jan 2022 23:40:41 GMT AjitKumar 2022-01-08T23:40:41Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457243#M8 <P>I have a brand new ION2000 that is connected to Internet however it does not show up under unclaimed devices on the SD-WAN port.</P> <P>Can you please help.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Ajit Kumar</P> <P>NBC Universal</P> <P>Sr Network Engineer</P> Thu, 06 Jan 2022 15:19:06 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457243#M8 AjitKumar 2022-01-06T15:19:06Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457376#M9 <P>Thank you for the post&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73105">@AjitKumar</a></P> <P>&nbsp;</P> <P>ION appliance will register to portal via "controller 1" interface. Could you make sure that this interface is up, has configured DNS and can go to internet (only TCP 443 is enough for registration). Could you run below 2 commands to confirm status?</P> <P>&nbsp;</P> <P><STRONG>dump interface config interface=controller1</STRONG></P> <P><STRONG>dump controller status</STRONG></P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel&nbsp;</P> Thu, 06 Jan 2022 21:37:51 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457376#M9 PavelK 2022-01-06T21:37:51Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457643#M10 <P>Hi Pavel,</P> <P>&nbsp;</P> <P>Please see requested output below.</P> <P>Thanks,</P> <P>Ajit</P> <P>==</P> <P>ion toolkit# dump interface config controller <BR />Interface : controller <BR />Description : <BR />ID : 10 <BR />Type : port<BR />Admin State : up<BR />Alarms : enabled<BR />NetworkContextID: <BR />Scope : <BR />MTU : 1500<BR />IP : dhcp</P> <P>ion toolkit# dump controller status<BR />Controller Connection : Partially Connected<BR />Number of Active Connections : 1<BR />--------------------------------------------------------------------------------<BR />tcp 0 0 10.0.0.65:56041 52.8.25.40:443 ESTABLISHED<BR />--------------------------------------------------------------------------------<BR />ion toolkit#</P> Sat, 08 Jan 2022 23:40:41 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457643#M10 AjitKumar 2022-01-08T23:40:41Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457655#M11 <P>Thank you for reply&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73105">@AjitKumar</a></P> <P>&nbsp;</P> <P>From the output of: "dump interface config controller" it looks like that ION is connected to portal.</P> <P>&nbsp;</P> <P>Could you run below debug to to confirm that all test are passed:</P> <DIV><STRONG>debug controller reachability controller1</STRONG></DIV> <DIV>&nbsp;</DIV> <DIV>Kind Regards</DIV> <DIV>Pavel</DIV> <P><LI-WRAPPER></LI-WRAPPER></P> Sun, 09 Jan 2022 07:05:41 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457655#M11 PavelK 2022-01-09T07:05:41Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457706#M12 <P>Hi Paval,</P> <P>&nbsp;</P> <P>Please see below the output as per your request:</P> <P>&nbsp;</P> <P>ion toolkit# debug controller reachability controller <BR />TPM-tcsd running fine<BR />cic/mic id not in keys-list<BR />ion toolkit#</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Ajit</P> Mon, 10 Jan 2022 00:42:22 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457706#M12 AjitKumar 2022-01-10T00:42:22Z https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457776#M13 <P>Thank you for reply&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/73105">@AjitKumar</a></P> <P>&nbsp;</P> <P>Based on debug output you provided, it looks like that the MIC (Manufacturer Installed Certificate) is missing/invalid. During the initial registration, the CloudGenix controller validates the ION's MIC, which is stored in the TPM. This is however failing. This is likely reason why you can't see this ION under unclaimed devices in portal. At this point, I would reach Palo Alto support. I do not believe this is something you can fix by your self.</P> <P>&nbsp;</P> <P>Kind Regards</P> <P>Pavel</P> Mon, 10 Jan 2022 13:43:37 GMT https://live.paloaltonetworks.com/t5/prisma-sd-wan-discussions/sd-wan-ion2000-issue-with-getting-registered-with-the-portal/m-p/457776#M13 PavelK 2022-01-10T13:43:37Z