200000 - Target Firewall Not Connected to Panorama
This error occurs when the Knocknoc agent attempts to refresh an External Dynamic List (EDL) on a Palo Alto Networks firewall through Panorama, but the target firewall cannot be reached.
Common causes include:
- The firewall is not connected to Panorama (it may have lost connection)
- The firewall does not exist in Panorama
- The firewall serial number configured in Knocknoc does not match the device in Panorama
- The specified vsys (virtual system) does not exist on the target firewall
Steps to Resolve
Verify Firewall Connectivity to Panorama
- Log into Panorama and check the device status under Panorama > Managed Devices
- Ensure the target firewall shows as "Connected"
- If disconnected, investigate network connectivity between the firewall and Panorama
Validate the Serial Number Configuration
- Confirm the firewall serial number configured in Knocknoc matches the actual device serial number
- Serial numbers can be found in Panorama under Panorama > Managed Devices or on the firewall under Dashboard > General Information
Verify the Virtual System (vsys) Configuration
- If using multi-vsys mode, ensure the specified vsys exists on the target firewall
- Check the vsys configuration in Knocknoc matches the firewall's vsys naming (e.g., "vsys1", "vsys2")
Check Panorama-Firewall Communication
- Verify that the firewall can reach Panorama on the required ports (typically TCP 3978)
- Check for any firewall rules or network issues blocking the management connection
Ensure all Firewall Changes are Committed and Pushed to Devices
Changes to Palo Alto Networks firewalls must be committed before they take effect. When pushing configuration from a Panorama instance, the "Push to Devices" option must also be selected after committing.
Still Having Issues?
We can help you out, contact us at support@knocknoc.io.