08-02-2023 08:35 AM - edited 08-03-2023 12:46 PM
Panorama
08-02-2023 03:53 PM
Hello @prathamesh_s
could you check logs from Panorama CLI to see it can give more details about root cause of the error: tail follow yes mp-log ms.log
Kind Regards
Pavel
08-03-2023 02:28 AM - edited 08-03-2023 02:47 AM
Hi , have run that command
Output
Error: pan_comm_get_tcp_conn_gen (comm_utils.c:702 ) : COMM: connot connect. Remote ip= 172.24.*.* port=3978 err=connection timed out(110) sock 19
CMSA: Source bind sock to 172.20.*.*
COMM: Souce bind sock 19 to 172.20.*.* before connect to remote ip [172.24.*.*] @port 3978
Note* = panorama is in HA , passive panorama in remote location.
Active = 172.20.*.*
Passive= 172.24.*.*
Have run this command from active panorama
Please reply
08-03-2023 11:22 PM
Hello @prathamesh_s
thank you for reply.
Regarding the first screen shot, it looks like that there is a connectivity issue between Panorama and managed Firewall. There is a time out for TCP 3978, but eventually at the end of the log, there is a message that device has registered. To me it looks like WAN / Connectivity issue. Could you check this KB: Troubleshooting Panorama Connectivity
Regarding second screen shot with the error: "Panorama has lost...", it looks like a latency / connectivity issue between active and passive Panorama. The maximum recommended latency between both units should be below 500 ms. Here is a reference in documentation Doc. Since you mentioned that passive Panorama is in remote location, I would try to adjust HA Timers Doc.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
