This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama SDWAN 3.2.0 - zone map menu missing

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Panorama SDWAN 3.2.0 - zone map menu missing

Go to solution
leonarit
L0 Member

‎02-22-2024 06:08 PM

Hello,

 

I'm currently deploying a new sdwan setup with Panorama(11.1.0(KVM))+sdwan_plugin(3.2.0) and noticed that the zone map menu doesn't exist, tested with different browsers(Chrome and Firefox)

 

In the official documentation for the lasted plugin version, it's mentioned that the zone map menu still exists and in the release notes there isn't anything about the removal of the option for zone mapping.

 

I've tested in my lab in another panorama vm with the same version and zone map menu also doesn't exist, I've also exported the imported sdwan devices to csv and the csv file doesn't have any columns related to zones.

 

Before opening a case I would like to know if someone have tested the latest plugin version and noticed the same behaviour  

 

In the configd.log I get the information that the zone map doesn't exist.

 

2024-02-22 23:41:25.668 +0000 Error: pan_cfg_transform_fullpath(pan_cfg_utils.c:6955): error generating transform /opt/pancfg/mgmt/factory/tplrenamemapfrompushreq.xsl
2024-02-22 23:41:25.668 +0000 Error: pan_cfg_tpl_renamemap_from_request(pan_cfg_templates.c:5759): failed to generate tpl rename map from request
2024-02-22 23:41:25.670 +0000 Error: pan_cfg_pushtpl_autogen_config_merge(pan_cfg_templates.c:8103): Zones node or zone map hash not found for sd-wan zone mapping

 

Regards.

1 person had this problem.
1 accepted solution

Accepted Solutions

Go to solution
DIEHARD
L1 Bithead

‎02-26-2024 12:51 PM

I just found this note in the known issues section.. They probably should have been listed in the changes instead of issues.

This at least explains it going away for me.

 

https://docs.paloaltonetworks.com/plugins/vm-series-and-panorama-plugins-release-notes/panorama-plug...

 

PLUG-13152
The SD-WAN plugin creates predefined zones automatically that does not require any user configuration. Hence, we have removed the following predefined zones tabs from the SD-WAN plugin web interface:
  • Zone Internet
  • Zone to Hub
  • Zone to Branch
  • Zone Internal
This issue is addressed in SD-WAN plugin 2.2.5 and 3.0.5.

View solution in original post

3 REPLIES 3

Go to solution
DIEHARD
L1 Bithead

‎02-26-2024 12:31 PM

I am using Pan 10.2.7-h3 and SDWAN 3.0.7 plugin and noticed the zones assignment stuff is missing too.

Don't seem to be having issues committing or pushing policy.. at least so far.
Really strange i don't see any change notes anywhere though.

0 Likes Likes

Go to solution
DIEHARD
L1 Bithead

‎02-26-2024 12:51 PM

I just found this note in the known issues section.. They probably should have been listed in the changes instead of issues.

This at least explains it going away for me.

 

https://docs.paloaltonetworks.com/plugins/vm-series-and-panorama-plugins-release-notes/panorama-plug...

 

PLUG-13152
The SD-WAN plugin creates predefined zones automatically that does not require any user configuration. Hence, we have removed the following predefined zones tabs from the SD-WAN plugin web interface:
  • Zone Internet
  • Zone to Hub
  • Zone to Branch
  • Zone Internal
This issue is addressed in SD-WAN plugin 2.2.5 and 3.0.5.

Go to solution
leonarit
L0 Member
In response to DIEHARD

‎02-27-2024 01:55 AM

Thanks for the help! PA should update the admin guide(3.1 and 3.2) and remove the incorrect information.

 

 

There are two main use cases for predefined zones:

 

  • Existing Zones
    —You already have pre-existing zones that you created for use in User-ID™ or various policies (security policy rules, QoS policy rules, zone protection, and packet buffer protection). You must map the pre-existing zones to the predefined zones that SD-WAN uses so the firewall can properly forward traffic. You should continue to use your pre-existing zones in all of your policies because the new predefined zones are used only for SD-WAN forwarding. You will map the zones when you to Add SD-WAN Devices to Panorama by creating your CSV file. (If you aren’t using a CSV file, you will map zones when you configure Panorama SD-WAN Devices and add existing zones to Zone Internet, Zone to Hub, Zone to Branch, and Zone Internal.)

0 Likes Likes
  • 1 accepted solution
  • 693 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks