08-27-2018 07:15 AM
I believe I have set up the Panorama and Firewalls correctly as per a few different KB articles I've read. I've checked connectivity between the MGT interfaces, and made sure that the attempts weren't being denied due to the fact that "permitted IP's" were configured. I even checked out a TCP dump of the connection on TCP 3978, and see ACKs going out to the firewalls; however, any return traffic just comes back stating a window size of 0. Any advice?
P.S.
I've checked the MTU and have no SSL certificates set up.
08-27-2018 10:57 AM
Window size of zero may not be an issue if the connection hasn't opened yet.
The firewalls themselves make the connection to Panorama, so you can grab a tcpdump on the firewall's management interface using Panorama's IP as the filter:
tcpdump filter "host 192.0.2.1" snaplen 0
Once that's completed, you can transfer it via SCP or TFTP if you want to take a further look. Check to see that there's an established connection. If not, there should be some frames that lead you to the root cause.
One note: if the firewall's management interface is subject to security policy because it traverses the firewall, you'll need a security rule (and possibly source-NAT) to ensure it's allowed and can route.
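One way to run the check suggested in the reply above (is there an established connection on TCP 3978, and does a zero window appear before or after it opens?) over a capture rendered as tcpdump-style text. This is an added example, not part of the original thread; the sample lines, the firewall address 192.0.2.10 and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
PANORAMA, PORT = "192.0.2.1", 3978  # Panorama IP and port as given in the thread
LINE = re.compile(r"IP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): Flags \[([^\]]+)\].*?win (\d+)")

# Constructed sample in tcpdump's default text layout; 192.0.2.10 is a made-up firewall.
SAMPLE = """\
07:15:01.000001 IP 192.0.2.10.40112 > 192.0.2.1.3978: Flags [S], seq 100, win 29200, length 0
07:15:01.000420 IP 192.0.2.1.3978 > 192.0.2.10.40112: Flags [S.], seq 500, ack 101, win 28960, length 0
07:15:01.000700 IP 192.0.2.10.40112 > 192.0.2.1.3978: Flags [.], ack 501, win 229, length 0
07:15:01.200000 IP 192.0.2.1.3978 > 192.0.2.10.40112: Flags [.], ack 101, win 0, length 0
07:15:02.000000 IP 192.0.2.10.40112 > 192.0.2.1.3978: Flags [F.], seq 101, ack 501, win 229, length 0
07:15:05.000000 IP 192.0.2.10.40113 > 192.0.2.1.3978: Flags [S], seq 900, win 29200, length 0
07:15:05.000400 IP 192.0.2.1.3978 > 192.0.2.10.40113: Flags [S.], seq 700, ack 901, win 28960, length 0
07:15:05.000600 IP 192.0.2.10.40113 > 192.0.2.1.3978: Flags [.], ack 701, win 229, length 0
07:15:06.000000 IP 192.0.2.10.40113 > 192.0.2.1.3978: Flags [F.], seq 901, ack 701, win 229, length 0
07:15:09.000000 IP 192.0.2.10.40114 > 192.0.2.1.3978: Flags [S], seq 1, win 29200, length 0
""".splitlines()

def summarize(lines):
    """Map each firewall-side (ip, port) to the TCP state reached in the capture."""
    flows = defaultdict(lambda: {"state": "none", "zero_win": 0, "closed": False})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags, win = m.groups()
        to_pano = (dst, int(dport)) == (PANORAMA, PORT)
        from_pano = (src, int(sport)) == (PANORAMA, PORT)
        if not (to_pano or from_pano):
            continue
        f = flows[(src, int(sport)) if to_pano else (dst, int(dport))]
        if flags == "S" and to_pano:                      # firewall initiates
            f["state"] = "syn_sent"
        elif flags == "S." and from_pano and f["state"] == "syn_sent":
            f["state"] = "syn_ack_seen"
        elif "S" not in flags and "R" not in flags and to_pano and f["state"] == "syn_ack_seen":
            f["state"] = "established"                    # final ACK of the handshake
        if f["state"] == "established" and int(win) == 0 and "R" not in flags:
            f["zero_win"] += 1                            # only counted once the session is open
        if "F" in flags or "R" in flags:
            f["closed"] = True
    return dict(flows)

def reconnect_loop(flows, firewall_ip):
    """True if one firewall opened and then closed more than one session to Panorama."""
    done = [k for k, f in flows.items()
            if k[0] == firewall_ip and f["state"] == "established" and f["closed"]]
    return len(done) > 1
```

A flow stuck at `syn_sent` never got a reply from Panorama, while repeated `established` plus `closed` flows from the same firewall match a handshake that completes and then tears down and retries.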
08-28-2018 06:50 AM
Thanks, sorry got caught up yesterday. I'm stumped, the TCP connection will get all the way to FIN and then I'll see a retransmission. Followed by another 3-way handshake and more of the same. I think I'm just going to forgo using the MGT ports and connect them via in-band L3 ports. Thanks for trying to help.