Firewall 使用断开连接的引导配置部署Panorama.

Firewall 使用断开连接的引导配置部署Panorama.

8930
Created On 02/21/22 06:46 AM - Last Modified 03/02/23 06:01 AM


Symptom


  • 使用引导配置文件部署的防火墙初始化配置文件.txt .
  • Firewall 到Panorama网络可达性良好。
  • 我们可以看到之间的双向通信firewall和Panorama, 但firewall仍然无法连接到Panorama.

Environment

Cause


  • init-cfg.txt 文件中提到的设备组和/或模板不存在Panorama配置,或者配置的设备组和/或模板名称中存在拼写错误
  • 这导致firewall将无法连接到Panorama.

Resolution


  1. 验证 init-cfg.txt 中提供的设备组名称和模板
  2. 确保它与配置的所需设备组和模板名称完全匹配Panorama.
例子:
  • “init-cfg.txt”文件的配置示例
panorama-server=10.5.107.20 
panorama-server-2=10.5.107.21 
tplname=FINANCE_TG4 
dgname=finance_dg 
  • 配置日志(少 mp-log configd.log ) 在Panorama提供显示这些错误:
Warning:  pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:4733): SC3: Registering device '<FW_SN>'
SVM registration. Serial:<FW_SN> DG: TPL: vm-mode:0 uuid: cpuid: svm_id:2022-02-16 08:20:35.329 +0000 cgname not found in request for device <FW_SN>
Error:  pan_cfg_bootstrap_device_add_to_cfg(pan_cfg_bootstrap_mgr.c:4016): bootstrap: <FW_SN> already added to mgd devices
Error:  pan_cfg_bootstrap_device_add_to_cfg(pan_cfg_bootstrap_mgr.c:4042): bootstrap: device-group finance_dg not found, serial=<FW_SN>
bootstrap: candidate cfg changes reverted for <FW_SN>
Error:  _pan_cfg_bootstrap_device_add_to_cfg(pan_cfg_bootstrap_mgr.c:4425): failed to add bootstrap device '<FW_SN>' to config
Error:  pan_cfg_bootstrap_handle_device_reg(pan_cfg_bootstrap_mgr.c:4627): Failed to add device <FW_SN> to candidate config
Error:  pan_cfg_handle_mgt_reg(pan_cfg_mgt_handler.c:5938): SC3: failed to set drop conn of device: '<FW_SN>'
 

Additional Information


引导程序 Firewall
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NIRCA2&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language