Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1742
Views
40
Helpful
1
Replies

PAN should be listening on port 8905?

Go to solution
Marcelo Morais
VIP
VIP

‎06-21-2021 03:41 PM - edited ‎06-21-2021 03:43 PM

Hi,

 although on ISE Installation Guide - 2.7, section Cisco ISE Administration Node Ports, there is no evidence of the use of port 8905, only on then section Cisco ISE Policy Service Node Ports, the result of the following command shows otherwise (Primary PAN

PAN/admin# show ports | inc 8905
tcp: ..., 0.0.0.0:8905, 0.0.0.0:8009, ...

 

I found a bug: CSCvx97249 - PAN should not be listening on 8905 .

Last Modified: Jun 18, 2021

Severity: 2 Severe

Symptom: Posture Probes being dropped

Support Cases: 0

Further Problem Description: Issue with Posture flow , slowness in PAN performance.

 

My doubts:

1. Is there a reason for PAN to listen on 8905 ?

2. if the answer of 1. is No, then: anyone heard anything about removing this port on PAN?

 

Regards

5 people had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎06-21-2021 06:42 PM

As per the bug description, the "PAN should not be listening on 8905" in a fully distributed deployment.

This is a recently filed bug for which a fix has not yet been made available, but the bug lists workarounds for mitigating posture function and performance issue. There is no manual way to force the PAN to stop listening on this port.

If you're experiencing issues due to this bug, please open a TAC case to be added to the bug and TAC may be able to provide a hotfix if/when one is available.

View solution in original post

1 Reply 1

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎06-21-2021 06:42 PM

As per the bug description, the "PAN should not be listening on 8905" in a fully distributed deployment.

This is a recently filed bug for which a fix has not yet been made available, but the bug lists workarounds for mitigating posture function and performance issue. There is no manual way to force the PAN to stop listening on this port.

If you're experiencing issues due to this bug, please open a TAC case to be added to the bug and TAC may be able to provide a hotfix if/when one is available.

Customers Also Viewed These Support Documents