Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

connection issue about security-client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

connection issue about security-client

L1 Bithead

as doc descibe , Cloud connection should be connected 

 

 

admin@paloalto-vm-10.1.9> show ctd-agent status security-client

Security Client Dlp(0)
Current cloud server: dlp.hawkeye.services-edge.paloaltonetworks.com:443
Cloud connection: disconnected
Config:
Number of gRPC connections: 1, Number of workers: 5
Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 383
Maximum number of workers: 10
Maximum number of sessions a worker should process before reconnect: 256
Maximum number of messages per worker: 0
Skip cert verify: false
Grpc Connection Status:
State Invalid License (7), last err <nil>
Pool state: Error (3)
last update: 2024-03-13 17:19:22.599501521 +0800 CST m=+0.451463611
last connection retry: 0001-01-01 00:00:00 +0000 UTC
last pool close: 0001-01-01 00:00:00 +0000 UTC
Security Client AceMlc2(1)
Current cloud server: ace.hawkeye.services-edge.paloaltonetworks.com:443
Cloud connection: disconnected
Config:
Number of gRPC connections: 2, Number of workers: 5
Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 383
Maximum number of workers: 10
Maximum number of sessions a worker should process before reconnect: 1024
Maximum number of messages per worker: 0
Skip cert verify: false
Grpc Connection Status:
State Err (1), last err <nil>
Pool state: Error (3)
last update: 2024-03-13 17:21:56.292693706 +0800 CST m=+154.144655789
last connection retry: 2024-03-13 17:21:56.292696242 +0800 CST m=+154.144658319
last pool close: 0001-01-01 00:00:00 +0000 UTC
Security Client UrlCat(2)
Current cloud server: urlcat.hawkeye.services-edge.paloaltonetworks.com:443
Cloud connection: disconnected
Config:
Number of gRPC connections: 1, Number of workers: 5
Debug level: 2, Insecure connection: false, Cert valid: true, Key valid: true, CA count: 383
Maximum number of workers: 10
Maximum number of sessions a worker should process before reconnect: 256
Maximum number of messages per worker: 0
Skip cert verify: false
Grpc Connection Status:
State Err (1), last err <nil>
Pool state: Error (3)
last update: 2024-03-13 17:21:58.321510523 +0800 CST m=+156.173472653
last connection retry: 2024-03-13 17:21:59.321672698 +0800 CST m=+157.173634790
last pool close: 0001-01-01 00:00:00 +0000 UTC

3 REPLIES 3

Cyber Elite
Cyber Elite

@miaocongcong,

Since it's a connectivity issue, make sure that you're actually allowing all of the traffic from the device and check the logs to ensure that you're actually receiving return traffic. 

L0 Member

Check these logs for clues 

tail plugins-log plugin_dlp.log
tail dp-log wifgo.log

L2 Linker

My IOT security license shows invalid:

 

Getting the following output:

 

TomSankey@62TN-F4-R1-WAN-FW01> tail plugins-log plugin_dlp.log
 2024-08-16 15:56:41.742 +0100 ERROR: [p1-commit] no rules with dlp profile
 2024-08-16 15:56:41.796 +0100 ERROR: [p1-commit] DLP Configuration not found
 2024-08-16 15:56:41.797 +0100 INFO: [p1-commit] DLP Configurations not pushed to DP
 2024-08-16 16:10:12.014 +0100 INFO: [p1-commit] Commit phase p1 received
 2024-08-16 16:10:12.983 +0100 DEBUG: [p1-commit] No dlp settings found in config
 2024-08-16 16:10:12.984 +0100 DEBUG: [p1-commit] Settings: {}
 2024-08-16 16:10:12.985 +0100 DEBUG: [p1-commit] No DLP settings to send to cloud
 2024-08-16 16:10:12.989 +0100 ERROR: [p1-commit] no rules with dlp profile
 2024-08-16 16:10:13.045 +0100 ERROR: [p1-commit] DLP Configuration not found
 2024-08-16 16:10:13.046 +0100 INFO: [p1-commit] DLP Configurations not pushed to DP
 TomSankey@62TN-F4-R1-WAN-FW01> tal dp-log wifgo.log

 

mSankey@62TN-F4-R1-WAN-FW01> tail mp-log wifgo.log
 {"level":"warn","caller":"/opt/build/bamboo-agent-home-1/xml-data/build-dir/IOT-FIL76-JOB1/build/src/pan/wifclient/wifshm.go:1043","time":"Aug 20 10:51:19.082","message":"workers of sec_client UrlCat get 0 msgs and send out 0 msgs in the past 60 second"}
 {"level":"warn","caller":"/opt/build/bamboo-agent-home-1/xml-data/build-dir/IOT-FIL76-JOB1/build/src/pan/wifclient/wifshm.go:1074","time":"Aug 20 10:51:19.082","message":"UrlCat cur channel len: service 0, DataMsg 0 (max), rtn 0"}
 {"level":"warn","caller":"/opt/build/bamboo-agent-home-1/xml-data/build-dir/IOT-FIL76-JOB1/build/src/pan/wifclient/wifshm.go:1080","time":"Aug 20 10:51:19.082","message":"mwsr.shm.WrWrIndex 7855, mwsr.shm.WrRdIndex 7855"}
 {"level":"error","time":"Aug 20 10:51:28.428","message":"Error reading proxy enable/disable: exit status 1\n"}
 {"level":"warn","caller":"/opt/build/bamboo-agent-home-1/xml-data/build-dir/IOT-FIL76-JOB1/build/src/pan/wifclient/wifshm.go:1086","time":"Aug 20 10:51:49.091","message":"mwsr.shm.WrWrIndex 8750, mwsr.shm.WrRdIndex 8750"}
 {"level":"error","time":"Aug 20 10:52:29.266","message":"Error reading proxy enable/disable: exit status 1\n"}
 {"level":"error","time":"Aug 20 10:53:30.146","message":"Error reading proxy enable/disable: exit status 1\n"}
 {"level":"error","time":"Aug 20 10:54:30.987","message":"Error reading proxy enable/disable: exit status 1\n"}
 {"level":"error","time":"Aug 20 10:55:31.815","message":"Error reading proxy enable/disable: exit status 1\n"}
 {"level":"error","time":"Aug 20 10:56:32.687","message":"Error reading proxy enable/disable: exit status 1\n"}

P.S
  • 985 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!