Hoping someone else has run into this. I have been implementing UID redistribution in our PAN environment. I've stumbled across a few firewalls that will not establish a connection on port 5007, once the UID service is moved off of the default Mgmt interface (yes, appropriate firewall rules are in place). The system logs spit out an error like this:
User-ID Agent datacenter_redist_1(vsys1): Error: Failed to Connect to xxx.xxx.xxx.xxx(source: xxx.xxx.xxx.xxx), SSL error: error:00000000:lib(0):func(0):reason(0)(5) details: none
I was able to replicate this in the lab and found the error might be related to failover to the PASSIVE firewall. Upon failover I found this in the useridd.log:
Error: pan_ssl_conn_open(pan_ssl_utils.c:755): pan_tcp_sock_open() to xxx.xxx.xxx.xxx port 5007 failed; errno=150
Any ideas or suggestions would be appreciated.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!