Palo Alto Networks Knowledgebase: Troubleshooting Panorama Connectivity

Troubleshooting Panorama Connectivity

(2186 Views)
Created On 09/25/18 19:38 PM - Last Updated 09/25/18 23:09 PM
Categories:  Content Release,  Deployment

Issue:


Solution:


Details

Here are some checks that should be made when Panorama is out of sync with one of many managed firewalls, or simply cannot connect to a firewall.

  • Check IP connectivity between the devices.
  • Make sure port 3978 is open and available from the device to Panorama.
  • Make sure that a certificate has been generated or installed on Panorama.
  • Confirm the serial number configured in Panorama (case sensitive).
  • If a permitted IP list is configured for the management interface, make sure that Panorama IP is allowed in the list. By default, it will allow all IPs if a list is not specified.
  • Make sure Panorama is on a version greater than or equal to that of the managed devices. Panorama can manage devices running supported PAN-OS versions of the same or a lower release.
  • Check MTU settings on the managed device, as the value may need to be reduced. If a device on the path is fragmenting packets, communication from Managed Device to Panorama will not succeed.
  • Verify that there is not a large time difference between the clock (Date/Time) on Panorama and the clock (Date/Time) on the managed device.

 

owner: swhyte

Attachments:

Other users also viewed:
Actions:
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaWCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Change Language: