PAN agent 3.1.1 connectivity problem

Reply
Highlighted
Not applicable

PAN agent 3.1.1 connectivity problem

Hi All,

I am using PA 2020 and running v3.1.2 with PAN agent v3.1.1. However, the PAN firewall cannot get the info from agent with below error. It capture from PAN agent log file.

2010 05 26 15:08:37, New Connection(10.123.10.107:39564) Socket(652)
2010 05 26 15:08:38, SSL read error in pan_host_agent_rcv_data -2-16-0
2010 05 26 15:08:38, Connection(1) is closed!

Anyone have similar experience? Thanks!

Johnny


Accepted Solutions
Highlighted
L4 Transporter

Re: PAN agent 3.1.1 connectivity problem

Hello Johnny,

the Paloalto device communticates with the Pan agent via ssl connections.

Usually the error just means there is some connectivity issue betweent he paloalto device and the machine that is running the pan agent.

So typically the reasons that would cause this are:

If there is a firewall between the paloalto management and the machine running the pan agent

turn off the windows firewall or configure an exception for it in the Windows firewall config

make sure there is no virus scanning (i.e. symantech antivirus) running on the machine that the pan agent is installed on.

make sure that the port that you have configured between the paloalto device and the pan agent is available and not being used by some other application running on the machine....you can verify this with a netstat -an on the command line of the machine running the pan agent

......always try to choose a high port number when configuring the pan agent to ensure it will not be a port that some other application uses.

If you have verified the above and you are still getting errors, please go aheand and call into support in order that we can help to troubleshoot further.

thamk you,

Stephen Whyte

View solution in original post


All Replies
Highlighted
L4 Transporter

Re: PAN agent 3.1.1 connectivity problem

Hello Johnny,

the Paloalto device communticates with the Pan agent via ssl connections.

Usually the error just means there is some connectivity issue betweent he paloalto device and the machine that is running the pan agent.

So typically the reasons that would cause this are:

If there is a firewall between the paloalto management and the machine running the pan agent

turn off the windows firewall or configure an exception for it in the Windows firewall config

make sure there is no virus scanning (i.e. symantech antivirus) running on the machine that the pan agent is installed on.

make sure that the port that you have configured between the paloalto device and the pan agent is available and not being used by some other application running on the machine....you can verify this with a netstat -an on the command line of the machine running the pan agent

......always try to choose a high port number when configuring the pan agent to ensure it will not be a port that some other application uses.

If you have verified the above and you are still getting errors, please go aheand and call into support in order that we can help to troubleshoot further.

thamk you,

Stephen Whyte

View solution in original post

Highlighted
Not applicable

Re: PAN agent 3.1.1 connectivity problem

Hi Stephen,

Thanks and I turn off the firewall in my Windows 2008 server but still not work. I will contact support and investigate the case.

Johnny

Highlighted
Not applicable

Re: PAN agent 3.1.1 connectivity problem

Hello,

could you find out finally what was the problem?

I got the same problem right now :smileyconfused:

Thank you in advance.

Highlighted
Not applicable

Re: PAN agent 3.1.1 connectivity problem

I had this issue to and contacted support I was told it was an issue within the 3.1 releases and to downgrade to 3.0.8.

3.1.3 is supposed to fix this issue and should be out at the first part of July.

Highlighted
L5 Sessionator

Re: PAN agent 3.1.1 connectivity problem

3.1.3 was released last night.

Highlighted
Not applicable

Re: PAN agent 3.1.1 connectivity problem

Thanks guys !! :smileyhappy:

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!