09-13-2023 08:07 AM - edited 09-13-2023 12:56 PM
Hello,
I had a panorama instance in my cloud
Yesterday i removed my ha pair from panorama.
I have followed all steps, disabled ha sync, disabled the panorama objects, templates and network, checked the box to copy these configuration to my firewalls, delete the panorama IP and etc.
But after doing all changes in my firewall and panorama, completely remove my firewalls from panorama, I still see traffic for the panorama IP and the 3978 port on my firewall.
I can't find where is the configuration setting that is generating this traffic.
Can someone help me with this issue?
09-13-2023 05:22 PM
Hello @yurisilva
thanks for post.
Could you please check whether there is in Firewall any configuration left related to log forwarding to Panorama under:
Device > Log Settings
Objects > Log Forwarding
Kind Regards
Pavel
09-14-2023 02:39 PM - edited 09-14-2023 02:40 PM
Thanks for answer @PavelK !!!
Yes, i have a configuration in Objects > Log Forwarding, the IoT Security Default Profile with the forward method set for panorama, but this configuration setting is Read-only, i can't change or delete it.
Do you think that it is causing the traffic that i still see ?
Do you know how i can disable this configuration setting or the forward method ?
09-14-2023 05:52 PM
Thank you for reply @yurisilva
Would it be possible to provide a screen shot of that IoT log forwarding setting?
Kind Regards
Pavel
09-18-2023 05:30 PM
Hello @yurisilva
thank you for reply.
Your screenshot does not cover whole screen, however it looks like it is the IoT Security Default Profile. Could you click on down arrow and click on Global Find to see whether it is reference in anu configuration?
If it does not return anything, I do not think this is a root cause of traffic to Panorama. As a next steps, I would suggest to export running configuration and check whether there is any Panorama related configuration left. Also could you navigate to: Monitor > Session Browser and see whether there i still any session running to Panorama IP address. If there is any, try to kill it.
Kind Regards
Pavel
09-25-2023 08:36 AM
Thanks for help @PavelK
Global find didn't return anything
I have exported the running configuration but i didn't find anything from panorama
I have tried kill the sessions, but after kill its, the sessions starts again.
09-26-2023 04:46 PM
Hello @yurisilva
thank you for reply.
Could you check system logs from Monitor > Logs > System to see any traces where Panorama still comes to picture? For example you can use this filter: ( description contains 'Panorama' )
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
