>
    Troubleshoot Common Scenarios
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma SD-WAN
    3. Troubleshoot the Integration Process and Standard VPNs
    4. Monitor the Prisma Access for Networks CloudBlade
    5. Troubleshoot Common Scenarios
    Download PDF
    Prisma SD-WAN

    Troubleshoot Common Scenarios

    Table of Contents

    Troubleshoot Common Scenarios

    Learn to troubleshoot common scenarios when installing the CloudBlade and their resolutions.
    Where Can I Use This?What Do I Need?
    • Prisma Access CloudBlade (Panorama Managed).
    • Prisma Access CloudBlade (Cloud Managed).
    • Prisma SD-WAN License.
    • Prisma Access for Networks Subscription.
    • Supported Cloud Plugin Versions.
    • Prisma Access CloudBlade (Cloud Managed) version 3.x.x and later.
    • Prisma Access CloudBlade (Panorama Managed) versions 3.x.x and 4.x.x.
    Listed are the common troubleshooting scenarios when installing the Panorama Managed and Cloud Managed CloudBlades and their resolutions.
    IssueResolution
    Prisma SD-WAN and Prisma Access have different TSG IDs OR are not in same region.For the Panorama Managed CloudBlade, the TSG ID plays no role in linkage, however the ADEM functionality may not work properly. For the Cloud Managed CloudBlade, the TSG ID lookup is used to associate Prisma SD-WAN and Prisma Access accounts. Both tenants should be under the same TSG ID. If the association fails, the Cloudblade Events tab in Status Monitor will raise an error code; FAWKES_PA_TENANT_NOT_FOUND.
    In the Panorama failover, a failover occurred, but only a single Serial Number is configured in the Panorama Integration Container (PIC).
    If you are using version 3.1.6, it is recommended to move to Panorama Managed CloudBlade version 4.0.0 to avail HA Support and add a second serial number. Panorama CSP versions 3.2.1 and later support Panorama Managed CloudBlade version 4.0.0. Alternatively, retain version 3.1.6 and force rollover to the original serial. In both cases, tunnels will remain untouched.
    If you are using version 4.0.0, add the second serial number to the CloudBlade configuration. The order of the serials does not matter, and the tunnels remain untouched.
    Installed CloudBlade but no activity seen or tunnels being created.
    • Go to the CloudBlade Messages screen. If the Cloudblade is correctly configured in Prisma SD-WAN, you should see Execution Started and Execution Finished messages.
    • If you don't see the execution messages, it indicates a problem with the CloudBlade and Prisma SD-WAN. It may take about 15 minutes for the Execution Started message to appear on the Messages tab.
    • Once you see the Execution Finished messages, go to Status Monitor and check:
      • The last reported error in the General Information tab, which indicates the error that caused Cloudblade to exit abruptly.
      • The Cloudblade Events tab to see any recent Error Codes generated during execution.
    Verify if Panorama/CSP is working properly without an errors.
    In most cases, the issue could be with CSP not being able to register itself or not being able to run a changeset. For most of the error scenarios refer to the Error Codes to troubleshoot.
    On Panorama, System Logs can be seen to check if any issue is stopping panorama to continue onboarding.

    © 2024 Palo Alto Networks, Inc. All rights reserved.