I am unable to add my gateway to Panorama. It is showing system logs TSL-SESSION-DISCONNECTED in Panorama.
It is connecting and disconnecting every minute. When I run the command show devices in Panorama, the predefined certificates are not being taken, and the certificate CN name is showing empty.
Please help me.
Thank you for posting the issue @SubaMuthuram
Would it be possible to take a packet capture from the management interface to get more visibility into the TLS handshake? You can use the filter: tcpdump filter "port 3978" (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleECAS)
On the Panorama side, for a functional registration with the predefined certificate, the output from "show devices all" should return:
Certificate subject Name: <Firewall Serial Number>
Certificate expiry at: <Predefined Certificate Expiration Day>
Connected at: <Last Connected Time>
Custom certificate Used: no
Could you please confirm what you are seeing on your side?
Thank you and Regards
Thank you for the quick reply @SubaMuthuram
I see. For ZTP, there is a different procedure: https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/set-up-zero-touch-pr... Have you followed this manual?