05-04-2022 05:25 AM
Hello,
I've been trying to add a new TS agent on my firewalls. As there is no redistribution for user-{ip+port} mapping, I want to map the TS agent to 2 FWs. Backend FW is connected correctly, Frontend FW is in error.
I can capture the following between FW and TS agent :
- FW to TS : SYN
- TS to FW : SYN/ACK
- FW to TS : ACK
- FW to TS : RST
I've got the following error:
show user ts-agent state
not-conn:idle(Error: Failed to Connect to 1.1.1.1(source: 2.2.2.2), SSL error: error:00000000:lib(0):func(0):reason(0)(5) )
Also on TS agent side I've got the following error:
05/04/22 12:33:57[Info 1571]: Client thread 2 with IP 2.2.2.2 is started.
05/04/22 12:33:57[Error 1946]: SSL 2 accept error: 5-10054!
05/04/22 12:33:57[Info 1659]: Connection 2.2.2.2/39560 closed.
The thing is that there is no certificate configured for any user ID agent.
I tried to restart user-id process on the FW with no success.
Does someone have an idea ?
