topic Panorama & "Managed Devices" unable to connect in General Topics

Panorama & "Managed Devices" unable to connect

aayoung — Mon, 27 Aug 2018 14:15:55 GMT

I believe I have set up the Panorama and Firewalls correctly as per a few different KB articles I've read. I've check connectivity between the MGT interfaces, made sure that the attempts weren't being denied due to the fact that "permitted IP's" were configured. I even checked out a TCP dump of the connection on TCP 3978, and see ack's going out to the firewalls, however any return traffic just comes back stating a window size of 0. Any advice?

P.S.

I've checked the MTU and have no SSL-Certificates setup.

Re: Panorama & "Managed Devices" unable to connect

gwesson — Mon, 27 Aug 2018 17:57:49 GMT

Window size of zero may not be an issue if the connection hasn't opened yet.

The firewalls themselves make the connection to Panorama, so you can grab a tcpdump on the firewall's management interface using Panorama's IP as the filter:

tcpdump filter "host 192.0.2.1" snaplen 0

Once that's completed, you can transfer it via SCP or TFTP if you want to take a further look. Check to see that there's an established connection. If not, there should be some frames that lead you to the root cause.

One note: if the firewall's management interface is subject to security policy because it traverses the firewall, you'll need a security rule (and possibly source-NAT) to ensure it's allowed and can route.

Re: Panorama & "Managed Devices" unable to connect

aayoung — Tue, 28 Aug 2018 13:50:30 GMT

Thanks, sorry got caught up yesterday. I'm stumped, the TCP connection will get all the way to FIN and then I'll see a retransmission. Followed by another 3-way handshake and more of the same. I think I'm just going to forgo using the MGT ports and connect them via in-band L3 ports. Thanks for trying to help.