This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SD-WAN: ION2000 issue with getting registered with the portal

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

SD-WAN: ION2000 issue with getting registered with the portal

AjitKumar
L1 Bithead

‎01-06-2022 07:19 AM

I have a brand new ION2000 that is connected to Internet however it does not show up under unclaimed devices on the SD-WAN port.

Can you please help.

 

Thanks,

Ajit Kumar

NBC Universal

Sr Network Engineer

1 person had this problem.
0 Likes Likes
5 REPLIES 5

PavelK
Cyber Elite
Cyber Elite

‎01-06-2022 01:37 PM

Thank you for the post @AjitKumar

 

ION appliance will register to portal via "controller 1" interface. Could you make sure that this interface is up, has configured DNS and can go to internet (only TCP 443 is enough for registration). Could you run below 2 commands to confirm status?

 

dump interface config interface=controller1

dump controller status

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

AjitKumar
L1 Bithead

‎01-08-2022 03:40 PM

Hi Pavel,

 

Please see requested output below.

Thanks,

Ajit

==

ion toolkit# dump interface config controller
Interface : controller
Description :
ID : 10
Type : port
Admin State : up
Alarms : enabled
NetworkContextID:
Scope :
MTU : 1500
IP : dhcp

ion toolkit# dump controller status
Controller Connection : Partially Connected
Number of Active Connections : 1
--------------------------------------------------------------------------------
tcp 0 0 10.0.0.65:56041 52.8.25.40:443 ESTABLISHED
--------------------------------------------------------------------------------
ion toolkit#

0 Likes Likes

PavelK
Cyber Elite
Cyber Elite

‎01-08-2022 11:05 PM

Thank you for reply @AjitKumar

 

From the output of: "dump interface config controller" it looks like that ION is connected to portal.

 

Could you run below debug to to confirm that all test are passed:

debug controller reachability controller1
 
Kind Regards
Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

AjitKumar
L1 Bithead

‎01-09-2022 04:42 PM

Hi Paval,

 

Please see below the output as per your request:

 

ion toolkit# debug controller reachability controller
TPM-tcsd running fine
cic/mic id not in keys-list
ion toolkit#

 

Thanks,

Ajit

0 Likes Likes

PavelK
Cyber Elite
Cyber Elite

‎01-10-2022 05:43 AM

Thank you for reply @AjitKumar

 

Based on debug output you provided, it looks like that the MIC (Manufacturer Installed Certificate) is missing/invalid. During the initial registration, the CloudGenix controller validates the ION's MIC, which is stored in the TPM. This is however failing. This is likely reason why you can't see this ION under unclaimed devices in portal. At this point, I would reach Palo Alto support. I do not believe this is something you can fix by your self.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 4086 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks