unable to connect to Panorama error "TSL-SESSION-DISCONNECTED"

@PavelK , thanks for the deatails, The Frewall model is PA-220-ZTP, Is there any diffrent procedur add ZTP firewalls to Panorama. 

The predefined certificate status is not showing in Panorama, Also in the firewall show panorama-certificate comment showing empty. 

Hi PavelK,

Connection is not established between the Panorama and PA-445 device.

admin@Panorama> tcpdump filter "port 3978"
Press Ctrl-C to stop capturing

dropped privs to tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C171 packets captured
173 packets received by filter
0 packets dropped by kernel
admin@Panorama> view-pcap mgmt-pcap mgmt.pcap
reading from file /opt/pan/.debug/mgmtpcap/mgmt.pcap, link-type EN10MB (Ethernet)
11:13:50.460705 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [P.], seq 2147872072:2147872113, ack 1423784632, win 1424, options [nop,nop,TS val 816080192 ecr 1424438131], length 41
11:13:50.461558 IP 192.168.0.209.pan-panorama > 192.168.0.234.35266: Flags [P.], seq 1:42, ack 41, win 2561, options [nop,nop,TS val 1424444132 ecr 816080192], length 41
11:13:50.462033 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [.], ack 42, win 1424, options [nop,nop,TS val 816080193 ecr 1424444132], length 0
11:13:50.736827 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [P.], seq 1434786217:1434786286, ack 3262034349, win 387, options [nop,nop,TS val 816080468 ecr 1424438407], length 69
11:13:50.737330 IP 192.168.0.209.pan-panorama > 192.168.0.234.35402: Flags [P.], seq 1:70, ack 69, win 252, options [nop,nop,TS val 1424444407 ecr 816080468], length 69
11:13:50.737790 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [.], ack 70, win 387, options [nop,nop,TS val 816080469 ecr 1424444407], length 0
11:13:50.863234 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [P.], seq 309000155:309000189, ack 2612794819, win 410, options [nop,nop,TS val 1522304549 ecr 3195316293], length 34
11:13:50.863830 IP 192.168.0.209.pan-panorama > 192.168.0.235.54942: Flags [P.], seq 1:35, ack 34, win 243, options [nop,nop,TS val 3195322293 ecr 1522304549], length 34
11:13:50.864256 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [.], ack 35, win 410, options [nop,nop,TS val 1522304550 ecr 3195322293], length 0
11:13:56.460708 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [P.], seq 41:82, ack 42, win 1424, options [nop,nop,TS val 816086192 ecr 1424444132], length 41
11:13:56.461296 IP 192.168.0.209.pan-panorama > 192.168.0.234.35266: Flags [P.], seq 42:83, ack 82, win 2561, options [nop,nop,TS val 1424450131 ecr 816086192], length 41
11:13:56.461770 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [.], ack 83, win 1424, options [nop,nop,TS val 816086193 ecr 1424450131], length 0
11:13:56.736761 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [P.], seq 69:138, ack 70, win 387, options [nop,nop,TS val 816086468 ecr 1424444407], length 69
11:13:56.737334 IP 192.168.0.209.pan-panorama > 192.168.0.234.35402: Flags [P.], seq 70:139, ack 138, win 252, options [nop,nop,TS val 1424450407 ecr 816086468], length 69
11:13:56.737795 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [.], ack 139, win 387, options [nop,nop,TS val 816086469 ecr 1424450407], length 0
11:13:56.863315 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [P.], seq 34:68, ack 35, win 410, options [nop,nop,TS val 1522310549 ecr 3195322293], length 34
11:13:56.863799 IP 192.168.0.209.pan-panorama > 192.168.0.235.54942: Flags [P.], seq 35:69, ack 68, win 243, options [nop,nop,TS val 3195328293 ecr 1522310549], length 34
11:13:56.864331 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [.], ack 69, win 410, options [nop,nop,TS val 1522310550 ecr 3195328293], length 0
11:14:02.460794 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [P.], seq 82:123, ack 83, win 1424, options [nop,nop,TS val 816092192 ecr 1424450131], length 41
11:14:02.461931 IP 192.168.0.209.pan-panorama > 192.168.0.234.35266: Flags [P.], seq 83:124, ack 123, win 2561, options [nop,nop,TS val 1424456132 ecr 816092192], length 41
11:14:02.462591 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [.], ack 124, win 1424, options [nop,nop,TS val 816092194 ecr 1424456132], length 0
11:14:02.736781 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [P.], seq 138:207, ack 139, win 387, options [nop,nop,TS val 816092468 ecr 1424450407], length 69
11:14:02.737180 IP 192.168.0.209.pan-panorama > 192.168.0.234.35402: Flags [P.], seq 139:208, ack 207, win 252, options [nop,nop,TS val 1424456407 ecr 816092468], length 69
11:14:02.737602 IP 192.168.0.234.35402 > 192.168.0.209.pan-panorama: Flags [.], ack 208, win 387, options [nop,nop,TS val 816092469 ecr 1424456407], length 0
11:14:02.863588 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [P.], seq 68:102, ack 69, win 410, options [nop,nop,TS val 1522316549 ecr 3195328293], length 34
11:14:02.864166 IP 192.168.0.209.pan-panorama > 192.168.0.235.54942: Flags [P.], seq 69:103, ack 102, win 243, options [nop,nop,TS val 3195334293 ecr 1522316549], length 34
11:14:02.864638 IP 192.168.0.235.54942 > 192.168.0.209.pan-panorama: Flags [.], ack 103, win 410, options [nop,nop,TS val 1522316551 ecr 3195334293], length 0
11:14:08.460730 IP 192.168.0.234.35266 > 192.168.0.209.pan-panorama: Flags [P.], seq 123:164, ack 124, win 1424, options [nop,nop,TS val 816098192 ecr 1424456132], length 41

regards,

Akash Thangavel

Network Security Engineer