Today we updated our cloud connect server to v12. Once that was complete we upgraded two of our managed clients running Veeam backup and replication to v12.
My issue is once the Tenant side was updated to v12 I am no longer able to connect to the service provider. I believe this is the related log…
/14.03.2023 16:07:00.582] <117> Error A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
But this is only happening from tenants that updated to v12, all other tenants running v11 are able to connect without issue.
We have a support case open, Case # 05943021
I don’t have a solution, but I can say that I have had no issues with v12 deployments connecting to my v12 console/VCC server.
Try on the Tenant side to edit the Service Provider and go through the configuration as that might help to narrow it down possibly.
After having our network team investigate we have learned that our inspection policy on our Palo firewall permits traffic to our cloud connect environment that matches the signature for Veeam cloud connect traffic using port 6180. The traffic is now presenting as unknown to the Palo and there for dropped. The work around was to disable the inspection. After that change was pushed our v12 Tenants were able to access their cloud resources as expected.
After having our network team investigate we have learned that our inspection policy on our Palo firewall permits traffic to our cloud connect environment that matches the signature for Veeam cloud connect traffic using port 6180. The traffic is now presenting as unknown to the Palo and there for dropped. The work around was to disable the inspection. After that change was pushed our v12 Tenants were able to access their cloud resources as expected.
Interesting that it would not be known traffic. Glad to hear you have a root cause and hopefully a better fix can be found.
After having our network team investigate we have learned that our inspection policy on our Palo firewall permits traffic to our cloud connect environment that matches the signature for Veeam cloud connect traffic using port 6180. The traffic is now presenting as unknown to the Palo and there for dropped. The work around was to disable the inspection. After that change was pushed our v12 Tenants were able to access their cloud resources as expected.
I have the same Problem with one Tenant and a Fortigate Firewall on customers site. After deactivating the security profiles on the outgoing Firewall Rule the tenant connected to the VCSP successfully.
At the moment my clients have not experienced these problems, but thank you for sharing your case histories!
Comment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.