I have a strange problem. The SSG-20 device had been configured to work with NSM for approx. 2 years without problems. A few days ago, suddenly the connection to the NSM fails to establish. I can see that the connection is initiated from the SSG20 to the NSM server. On the NSM server i can see the connection using netstat -an. This confirms that the firewall can reach the NSM server, just like the other firewalls.
After digging in the logfiles on the NSM server the following lines in the /var/netscreen/DevSvr/errorLog/deviceDaemon.0 may be related to this issue:
[03/11/2009 12:27:59.996] [Error] [12342976-connectionMgr.c:2706] Incoming connection has failed to send PET (Protocol Edition Tag), Disconnecting[03/11/2009 12:27:59.996] [Error] [12342976-netPlug.c:213] No NULL disconect functions or opaque allowed in netPlugAttachCallbacks[03/11/2009 12:28:00.012] [Error] [12342976-netPlug.c:30] Default DataXfer callback function[03/11/2009 12:28:00.013] [Error] [12342976-sessionPlug.c:3509] cspSessionDataMsg Message not accepted after test for auditLogManager OKtosend IQ depth 0 OQ depth 0
I really need some help on this one. I have tried disabling / enabling NSM on the SSG, tried several options, but nothing seems to solve this problem. The strangest thing is: It used to work fine!
NSM version 2007.2r1
Any help will be appreciated
just to clarify, is this the only device managed by this NSM server or do you have other devices that are working fine?
If you have other devices connected and working fine, you can do an RMA/re-activate to re-initialize the communication between the NSM and the SSG.
That sounds like a good option. Will this have impact on the running firewall? I do not want to interrupt the network connectivity.
It will not have an impact on your traffic. This would just break the SSP tunnel between NSM & the device, reestablish that.
for a step-by-step procedure about the RMA/re-activate procedure follow this KB article:
Thanks for the tip on RMA/reactivate. I have just reestablished the connection between the SSG20 and NSM.
It still troubles me that a firewall can suddenly decide to refuse communications with the NSM server.
Anyway, the problem is solved.