Panorama & "Managed Devices" unable to connect

L1 Bithead

I believe I have set up the Panorama and Firewalls correctly as per a few different KB articles I've read. I've checked connectivity between the MGT interfaces, made sure that the attempts weren't being denied due to the fact that "permitted IPs" were configured. I even checked out a TCP dump of the connection on TCP 3978, and see ACKs going out to the firewalls, however any return traffic just comes back stating a window size of 0. Any advice?

 

P.S.

I've checked the MTU and have no SSL-Certificates setup.

2 REPLIES 2

L7 Applicator

Window size of zero may not be an issue if the connection hasn't opened yet.

 

The firewalls themselves make the connection to Panorama, so you can grab a tcpdump on the firewall's management interface using Panorama's IP as the filter:

 

tcpdump filter "host 192.0.2.1" snaplen 0

 

Once that's completed, you can transfer it via SCP or TFTP if you want to take a further look. Check to see that there's an established connection. If not, there should be some frames that lead you to the root cause.

 

One note: if the firewall's management interface is subject to security policy because it traverses the firewall, you'll need a security rule (and possibly source-NAT) to ensure it's allowed and can route.

Thanks, sorry, got caught up yesterday. I'm stumped: the TCP connection will get all the way to FIN and then I'll see a retransmission, followed by another 3-way handshake and more of the same. I think I'm just going to forgo using the MGT ports and connect them via in-band L3 ports. Thanks for trying to help.
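
The check suggested in the reply above (is there an established connection on TCP 3978, and what follows it), as an added example that is not part of the original thread: a Python function that summarises each firewall-to-Panorama flow in the exported capture. It assumes a classic little-endian pcap file with Ethernet/IPv4 framing; `summarize`, `new_flow` and the field names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

PANORAMA_PORT = 3978                      # TCP port named in the thread
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def new_flow():
    return {"syn": 0, "synack": 0, "established": False, "fin": 0,
            "rst": 0, "zero_window": 0, "retransmits": 0}

def summarize(pcap, port=PANORAMA_PORT):
    """Per-client summary of TCP flows to `port` in a capture file's bytes."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":   # assumption: classic little-endian pcap
        raise ValueError("expected a classic little-endian pcap file")
    flows, seen, off = defaultdict(new_flow), set(), 24   # skip global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        # assumption: Ethernet link type; anything but IPv4/TCP is skipped
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if len(frame) < 14 + ihl + 20:
            continue
        ip_len = struct.unpack_from("!H", frame, 16)[0]
        sport, dport, seq, _ack, offs, flags, win = struct.unpack_from(
            "!HHIIBBH", frame, 14 + ihl)
        if port not in (sport, dport):
            continue
        to_server = dport == port
        client = frame[26:30] if to_server else frame[30:34]
        key = "%s:%d" % (socket.inet_ntoa(client), sport if to_server else dport)
        f = flows[key]
        payload = ip_len - ihl - (offs >> 4) * 4
        if flags & SYN:
            f["synack" if flags & ACK else "syn"] += 1
        elif to_server and flags & ACK and f["synack"]:
            f["established"] = True       # client ACKed the SYN-ACK
        f["fin"] += bool(flags & FIN)
        f["rst"] += bool(flags & RST)
        # a zero window is only counted once the connection has opened
        f["zero_window"] += bool(win == 0 and f["established"] and not flags & RST)
        if payload > 0 or flags & (SYN | FIN):   # segment consumes sequence space
            seg = (key, to_server, seq, payload, flags & (SYN | FIN))
            f["retransmits"] += seg in seen
            seen.add(seg)
    return dict(flows)
```

Pass it the bytes of the capture file transferred off the firewall, for example `summarize(open(path, "rb").read())`; a flow with SYNs but no `synack`, or with `established` followed by FINs and retransmits, shows where in the exchange to look at the frames.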
