Troubleshooting Firewall's connection to IoT Security Edge Service

Created On 08/24/22 02:17 AM - Last Modified 09/18/25 09:18 AM


Objective


Resolve connectivity issues between the firewall and the IoT Security edge service.

Environment


Palo Alto Networks Firewalls
IoT


Procedure


  1. Verify that the NGFW has the required IoT license:
> request license info
License entry:
Feature: Enterprise IoT Security
Description: Enterprise IoT Security
Serial: 0123456789
Authcode: 1234567
Issued: April 18, 2024
Expires: April 18, 2025
Expired?: no

  1. Verify that there is no proxy between the firewall and the IoT Security edge service
  2. Check that the NGFW's DNS settings are properly configured under Device > Setup > Services > Global > click the edit icon > DNS Settings
  3. Verify that NTP is working; see How to troubleshoot NTP server connection failure
  4. Check certificate validity; see HOW TO RENEW OR REPLACE AN EXPIRED CERTIFICATE
    1. PAN-OS v10.0 and below: verify that both the logging service certificate and the device certificate are valid
    2. PAN-OS v10.1 and above: verify that the device certificate is valid
  5. If a DP interface is used as the source for the connection to the IoT Security edge service, verify that a security policy and NAT with source IP 127.168.0.0/16 are configured
  6. Check Policy Rule Recommendations
  7. Configure the following accordingly, based on the region as provided in step 5:
> configure
# set deviceconfig setting iot edge address apac.iot.services-edge.paloaltonetworks.com
# commit force
# exit
> quit
> debug iot clear-all type cookie
> debug iot icd reset cookie
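
An added example (not part of the original article and not Palo Alto Networks code): a Python check for the license step that reads saved `request license info` output and reports whether an IoT license entry is missing, expired, near expiry or valid. The field layout follows the sample output in this article; the 30-day warning window, the `iot` substring match, the handling of a non-date `Expires` value and the second sample entry are assumptions.

```python
from datetime import datetime

# Constructed sample: the article's IoT entry (shortened) plus a made-up non-IoT entry.
SAMPLE = """\
License entry:
Feature: Enterprise IoT Security
Expires: April 18, 2025
Expired?: no
License entry:
Feature: Example Feature
Expires: Never
"""

def parse_license_entries(text):
    """Return one dict per 'License entry:' block of the CLI output."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("license entry"):
            entries.append({})
        elif entries and ":" in line:
            key, _, value = line.partition(":")
            entries[-1][key.strip()] = value.strip()
    return entries

def parse_date(value):
    """Parse 'April 18, 2025'; anything else is assumed to mean no fixed expiry."""
    try:
        return datetime.strptime(value or "", "%B %d, %Y").date()
    except ValueError:
        return None

def check_iot_license(text, today, warn_days=30):
    """Return (status, feature); status is missing, expired, expiring or ok."""
    order = ["missing", "expired", "expiring", "ok"]
    best = ("missing", None)
    for entry in parse_license_entries(text):
        feature = entry.get("Feature", "")
        if "iot" not in feature.lower():  # assumption: IoT license names contain "IoT"
            continue
        expires = parse_date(entry.get("Expires"))
        if entry.get("Expired?", "").lower() == "yes" or (expires and expires < today):
            status = "expired"
        elif expires and (expires - today).days <= warn_days:
            status = "expiring"
        else:
            status = "ok"
        if order.index(status) > order.index(best[0]):
            best = (status, feature)
    return best
```

Pass the saved CLI output as `text` and `datetime.date.today()` as `today`; a `missing` or `expired` result means the remaining connectivity steps will not help until the license is fixed.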


 


