Communication between management server and specific devices not working-paloaltonetworks-panos

Communication between management server and specific devices not working-paloaltonetworks-panos
0

Communication between management server and specific devices not working-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
A management server needs to communicate with its managed devices at all times. indeni will alert if the communication is broken.

Remediation Steps:
Troubleshoot any possible connectivity issues.

How does this work?
This script uses the Palo Alto Networks API to retrieve the current list of devices and their connection state (the equivalent of running “show devices all” in CLI).

Why is this important?
For Panorama to successfully manage all the devices it is connected to, one must make sure the connectivity works 24/7.

Without Indeni how would you find this?
An administrator would be required to write a script to periodically pull the connection status from Panorama to all devices.

panos-show-devices-all

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/parsers/src/panw/panos/show-devices-all/show-devices-all.ind.yaml

cross_vendor_connection_from_mgmt_to_device

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_connection_from_mgmt_to_device.scala

Indeni Steps

  • get system info

  • parse system info

  • is this is a panorama device?

  • get all device info from the mgmt server

  • parse xml response for devices

  • parse xml response for managed device ip address

  • managed device ip address is found?

  • test mgmt server TCP port 3978

  • is TCP port 3978 open on {{ip_address}} ?

  • ping remote device

  • is device {{failed_ip}} reachable ?

  • is device reachable?

find the reason why a device is not connected to the mgmt server

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/automation/playbooks/get_device_not_connected_reason.yml