Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
09-23-2022 02:48 AM
Hi
Expedition Version: 1.2.38
I am trying to connect an expedition to Panorama 10.1.6h3 (VMware)
When I try to add an API key using username/password I get "Error Code 35: The connection with the device cannot be established. Please, report Error Code for improvement"
I generated an API key for the panorama so I tried that method by adding API key on expedition.
As I found that error 35 relates to SSL Communication I checked that area. The Panorama has an SSL/TLS profile on it's management interface with a cert from their own trusted root CA. I loaded the root CA for the certificate into the Ubuntu CA certificate store as presumed the issue was the expedition could not communicate on SSL with the panorama until it had the root CA to trust the certificate on it's management interface. The CA cert is present and active on Ubuntu as a trusted CA cert. However I still am receiving the same error Error 35 when I add API via username/password option and when I have API key added and try to retrieve contents it does not download. With either method I see logs on the panorama on 443 indicating session end reason of tcp-rst-from-client
So it looks like there still an issue with establishing an SSL session to allow retrieval of contents etc
Does anyone have any ideas how I might try to resolve this?
09-23-2022 08:16 AM
@Liam_Wynne could you please review /home/userSpace/devices/debug.txt , it might give more detail root cause on why the connection is not working.
09-26-2022 04:53 AM
Thanks Lychiang - I checked this log and it confirmed issue was SSL negotiation.
09-26-2022 11:25 AM
@Liam_Wynne In Expedition to avoid SSL Certificates errors we are trusting all source, so it should not be a certificate error. “Curl error code 35” is happening when the SSL handshake is failing, something is blocking the SSL connection between Expedition and the Panorama.
You could test the connection by executing directly the call using the Expedition CLI:
curl --insecure https://PANORAMA_IP:PANORAMA_
For example:
c
This command should return API key as result.
Please execute the above command and see if you are getting any errors, also please validate that there’s nothing between Expedition and Panorama that could be blocking the traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
