05-02-2017 06:58 AM
So I got the mail today about the certificate which is about to expire.
I installed App protection 694-4000 on the Panorama as described.
After the reboot I no longer have communication between my 2 PA-2050 boxes and Panorama. The log is no longer updated and it shows the 2 boxes "Device State" as Disconnected.
I currently run 7.0.10 on all devices.
I also installed 694-4000 on the firewall boxes and rebooted them, but it didn't change anything. Reverting to a previous version of the app definition did not help (which seems clear, as the new certificate probably does not get rolled back).
Even a Rollback of the config on the Panorama did not help.
Does anyone have an idea what could be wrong?
05-11-2017 10:35 PM - edited 05-11-2017 10:42 PM
We've found the problem. The certificate is indeed the culprit.
With assistance from Palo Alto we've deleted the PEM certificates (of both the firewalls) from Panorama.
And once a new one was generated (or imported - not sure about this, and I forgot to ask) the firewalls successfully connected to Panorama again.
The thing is that you need Root access on Panorama from the CLI, which we don't have, so you will need to contact support and they will need to delete the certs.
Regards
05-26-2017 01:43 AM
I installed App protection 702-4044 today, rebooted Panorama and restarted the management process on the firewalls as described in the Palo Alto newsletter I got today.
This also solved the problem.
05-11-2017 01:05 AM
Exactly the same problem after content update 694-4000 has been installed.
In my case we have 2 PA-5050 boxes, and Panorama, running on software version 7.1.5.
Is it possible that the firewalls are not trusting the renewed CA certificate on Panorama?
05-11-2017 06:20 AM
We have the same problem. A couple of our firewalls are connected, but we have some that are disconnected. We tried to reboot one of the disconnected firewalls, and it is still disconnected. We do have a case open with Palo Alto, but they haven't helped yet.
Did you find a fix for this? I'm concerned about trying to reboot Panorama again and losing the firewalls that are still connected.
05-12-2017 02:38 AM
Steps support did in order to resolve the issue:
- You have reported that after the Panorama Certificate update, a few of the managed devices are shown as disconnected
- From the Panorama CLI the devices are shown as connected
- In order to restore the connectivity, we entered the root shell and deleted the certificates of the affected device
- After that, we restarted the management server process and confirmed that all devices are shown as connected