Has anyone seen or had any issues when trying to perform an agent install while traversing a Palo Alto device? I have the agent installed with the correct configuration, but it cannot perform its initial registration, I receive an immediate TCP resets when it tries to register
Any thoughts or advice?
Palo Alto tries to identify the application - so the TCP handshake syn/ack/syn-ack is allowed. Then when Palo Alto figures out the application is not allowed, the PAN terminates the connection by sending a TCP reset packet.
Your symptom indicates the Palo Alto is blocking the connection. You’ll need to check the PAN logs to figure out what application it identifies and allow it.
With some troubleshooting with our Network team, they were able to successfully ID the traffic and establish a rule to allow communication. Thanks for the assist!
In case someone arrives here looking for BigFix integration with Palo Alto, now on the IBM app exchange.