Symantec Privileged Access Management

  • 1.  Network error update 4.0.2

    Posted May 09, 2022 09:07 AM
    Yesterday, at our client's site, we updated CA PAM from version 3.4.2 to version 4.0.2. This client has two nodes in a cluster. Since this is a client, we as providers access CA PAM through a site-to-site VPN with the client.

    When performing the update, we first performed it on the main node after deactivating the cluster. The loading and application of the file was carried out without problems on the node. However, after rebooting the server, we on our side as providers were not able to access it once the appliance came back. Our client, on the other hand, was able to access the node that we were updating both by HTTPS and by agent, and could see CA PAM updated to version 4.0.2. We ruled out connectivity problems at the FW and network level, since as providers we could still access the second node, which had not been updated, without problems. We performed connectivity tests from node 2 and could reach node 1, but we could not connect as providers in the usual way; it timed out.

    We do not know if version 4.0.2 changes any configuration at the network level that we should consider when updating.

    ------------------------------
    Duviana Montes De Oca
    ------------------------------


  • 2.  RE: Network error update 4.0.2

    Broadcom Employee
    Posted May 09, 2022 11:35 AM
    Hello Duviana, Yes, there is a network level change (that will be removed in the next maintenance release 4.0.3), see KB 235990. You may be able to resolve this with proper configuration of additional routes on the PAM network configuration page, so that responses to you will go out the same interface that your requests came in from. If you can't do that, open a case with PAM Support and we will be able to resolve this for you.


  • 3.  RE: Network error update 4.0.2

    Posted May 09, 2022 11:54 AM
    Thank you,

    Do you have any probable date for version 4.0.3?


  • 4.  RE: Network error update 4.0.2

    Broadcom Employee
    Posted May 09, 2022 01:36 PM
    Hi Duviana, No, I don't have a date for 4.0.3 yet. It's unlikely to be released in the next few weeks, since we just released 4.1. By the way, the new 4.1 release would resolve the problem as well, but maybe you are not ready yet to upgrade to the new release.


  • 5.  RE: Network error update 4.0.2

    Posted May 09, 2022 01:58 PM
    Hello Ralf.
    Is there anything to consider for version 4.1 if I am on version 3.4.2? What would be the best version to update to in my scenario of having version 3.4.2: 4.0.2 and solving the network issue, or 4.1, which comes with this solution?


  • 6.  RE: Network error update 4.0.2

    Broadcom Employee
    Posted May 09, 2022 02:48 PM
    Hello Duviana, It is possible to upgrade directly to 4.1 from 3.4.2, see documentation page Upgrading to Release 4.1. If you can do this in a test environment and verify that 4.1 works for you, you may as well go that route.


  • 7.  RE: Network error update 4.0.2

    Broadcom Employee
    Posted 15 days ago
    Just for the record: This problem turned out to be caused by the site-to-site VPN using addresses in the 172.17.0.0 range, which is the default Docker address range used on PAM 4.0+, see KB 240978 for details. In this case the decision was made to change the VPN configuration rather than the PAM configuration.
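
The address conflict described in the last post can be checked for before an upgrade. The following is an added example, not part of the thread and not Broadcom tooling: it flags client source ranges that overlap Docker's default bridge subnet and uses a longest-prefix-match lookup to show why replies to such clients never leave through the external interface. The /16 prefix is Docker's stock default; the routing table, interface names and sample ranges are constructed assumptions.

```python
import ipaddress

# Docker's default bridge (docker0) subnet; the thread only says "172.17.0.0 range".
DOCKER_DEFAULT = ipaddress.ip_network("172.17.0.0/16")

# Constructed routing table: interface names and the 10.20.0.0/24 LAN are
# assumptions for illustration, not values read from a PAM appliance.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "eth0"),
    (ipaddress.ip_network("10.20.0.0/24"), "eth0"),
    (DOCKER_DEFAULT, "docker0"),
]


def egress_interface(dest, routes=ROUTES):
    """Longest-prefix match: the interface a reply to `dest` leaves through."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def conflicting_ranges(client_networks, local=DOCKER_DEFAULT):
    """Client source networks that overlap `local`, fully or partially."""
    conflicts = []
    for text in client_networks:
        # strict=False accepts host addresses written with a mask.
        net = ipaddress.ip_network(text, strict=False)
        if net.overlaps(local):
            conflicts.append(str(net))
    return conflicts


if __name__ == "__main__":
    # Constructed source ranges: a VPN pool inside 172.17/16, a supernet
    # that contains it, and an unrelated range.
    sources = ["172.17.4.20/24", "172.16.0.0/12", "192.168.50.0/24"]
    print("conflicts:", conflicting_ranges(sources))
    for host in ("172.17.4.20", "192.168.50.7"):
        print(host, "-> reply leaves via", egress_interface(host))
```

A client in a flagged range can still deliver its request to the appliance, but the reply is routed to the local bridge, which matches the timeout seen only from the VPN side.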