For details on cookie usage on our site, read our Privacy Policy
unable to connect to Panorama error "TSL-SESSION-DISCONNECTED"
- LIVEcommunity
- Discussions
- Network Security
- Panorama Discussions
- unable to connect to Panorama error "TSL-SESSION-DISCONNECTED"
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
unable to connect to Panorama error "TSL-SESSION-DISCONNECTED"
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-08-2021 01:17 AM
Hi Team,
I am unable to add my gateway to Panorama, It is showing system logs TSL-SESSION-DISCONNECTED in panorama,
It is connecting and disconnecting every minute. When I supply command show devices in panorama, The predefined certificates not taking, The certificate CN name showing empty.
Please help me.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-11-2021 02:58 PM
Thank you for posting the issue @SubaMuthuram
Would it be possible to take packet capture from management interface to get more visibility into TLS Handshake? You can use filter: tcpdump filter "port 3978" (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS)
On Panorama side, the output from: "show devices all" should for functional registration with predefined certificate return:
Certificate Status:
Certificate subject Name: <Firewall Serial Number>
Certificate expiry at: <Predefined Certificate Expiration Day>
Connected at: <Last Connected Time>
Custom certificate Used: no
Could you please confirm what are you seeing on your side?
Thank you and Regards
Pavel Kucera
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-11-2021 06:27 PM
@PavelK , thanks for the deatails, The Frewall model is PA-220-ZTP, Is there any diffrent procedur add ZTP firewalls to Panorama.
The predefined certificate status is not showing in Panorama, Also in the firewall show panorama-certificate comment showing empty.
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-11-2021 07:06 PM
Thank you for quick reply @SubaMuthuram
I see. For ZTP, there is different procedure: https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/set-up-zero-touch-pr... Have you followed this manual?
Kind Regards
Pavel
- Best way to Identify the user connected with the lower version of GP. in GlobalProtect Discussions
- How do you allow GlobalProtect users connected to the network access to the internet through the firewall on which GP is configured? in GlobalProtect Discussions
- Prevent global protect from connecting when gpd service starts on ubuntu linux? in GlobalProtect Discussions
- Panorama Eval license issue in Panorama Discussions
- Ghost session after VPN down/up in Next-Generation Firewall Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
