ION2000 when connected to Internet fails to show up under unclaimed devices on the SD-WAN portal

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ION2000 when connected to Internet fails to show up under unclaimed devices on the SD-WAN portal

L1 Bithead

Here are some of the commnds I ean on ION2K via console:

 

ion toolkit# dump controller status
Controller Connection : Partially Connected
Number of Active Connections : 1
--------------------------------------------------------------------------------
tcp 0 0 10.0.0.65:41419 52.8.25.40:443 ESTABLISHED
--------------------------------------------------------------------------------

==

ion toolkit# ping controller 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.0.0.65: 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=117 time=13.652 ms
64 bytes from 8.8.8.8: seq=1 ttl=117 time=13.592 ms
64 bytes from 8.8.8.8: seq=2 ttl=117 time=14.170 ms
64 bytes from 8.8.8.8: seq=3 ttl=117 time=14.148 ms
64 bytes from 8.8.8.8: seq=4 ttl=117 time=13.524 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 13.524/13.817/14.170 ms
ion toolkit#

==

 

Any help would be greatly appreciated.

 

Thanks,

Ajit

1 REPLY 1

Cyber Elite
Cyber Elite

Thank you for the post @AjitKumar

 

Based on the output you provided the IOS appliance has connectivity to portal. In order to see what is preventing from registration, I would recommend to run: "debug controller reachability controller1"

 

The device that can successfully register will have below output:

 

ion toolkit# debug controller reachability controller1
TPM and tcsd process is running fine
Mic cert check passed
Cic cert check passed
Mic cert verify passed
Cic cert verify passed
CIC cert connection test done
Device is connected to Controller

 

The first thing that has to pass is MIC (Manufacturer Installed Certificate) check to authenticate ION appliance to controller. If it fails at this step, could you confirm the certificate is there and that it is valid: "inspect certificate mic"

 

Below KB describes steps during initial to portal:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HBNHCA4

 

Depending which step fails in the debug and validity of certificate, I would narrow down the troubleshooting.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 2688 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!