https://live.paloaltonetworks.com/t5/next-generation-firewall/facing-an-issue-in-a-sd-wan-auto-zone-mapping-to-the-branch/m-p/579125#M2760 <P>Hi team,</P> <P>&nbsp;</P> <P>I require assistance with Pan-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'zone-to-Branch' to both the source and destination zones. I was expecting it to be 'zone-to-hub.' Additionally, I noticed that in the drop-down menu for the branch firewall, 'zone-to-hub' is not listed, whereas it is present in the local firewall. Any guidance on resolving this discrepancy would be greatly appreciated.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_3-1709545775327.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58028i5E3A8A9635B92022/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_3-1709545775327.png" alt="AkashThangavel_3-1709545775327.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_1-1709545730398.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58026i5E51413BAFF669CC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_1-1709545730398.png" alt="AkashThangavel_1-1709545730398.png" /></span></P> <P>"zone-to-hub" is not in the drop-down from panorama for BRANCH or SPOKE device group</P> <P>-------------------------------------------------------------------------------------------------------------------------</P> <P>But in local firewall "zone-to-hub" is listing</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_4-1709545791508.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58029i5EB6203B185C018C/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_4-1709545791508.png" alt="AkashThangavel_4-1709545791508.png" /></span></P> <P>-------------------------------------------------------------------------------------------------------------------------</P> <P>&nbsp;</P> <P>with regards,</P> <P>Akash Thangavel</P> <P>Network Security Engineer</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 04 Mar 2024 09:53:48 GMT AkashThangavel 2024-03-04T09:53:48Z https://live.paloaltonetworks.com/t5/next-generation-firewall/facing-an-issue-in-a-sd-wan-auto-zone-mapping-to-the-branch/m-p/579125#M2760 <P>Hi team,</P> <P>&nbsp;</P> <P>I require assistance with Pan-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'zone-to-Branch' to both the source and destination zones. I was expecting it to be 'zone-to-hub.' Additionally, I noticed that in the drop-down menu for the branch firewall, 'zone-to-hub' is not listed, whereas it is present in the local firewall. Any guidance on resolving this discrepancy would be greatly appreciated.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_3-1709545775327.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58028i5E3A8A9635B92022/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_3-1709545775327.png" alt="AkashThangavel_3-1709545775327.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_1-1709545730398.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58026i5E51413BAFF669CC/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_1-1709545730398.png" alt="AkashThangavel_1-1709545730398.png" /></span></P> <P>"zone-to-hub" is not in the drop-down from panorama for BRANCH or SPOKE device group</P> <P>-------------------------------------------------------------------------------------------------------------------------</P> <P>But in local firewall "zone-to-hub" is listing</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="AkashThangavel_4-1709545791508.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/58029i5EB6203B185C018C/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="AkashThangavel_4-1709545791508.png" alt="AkashThangavel_4-1709545791508.png" /></span></P> <P>-------------------------------------------------------------------------------------------------------------------------</P> <P>&nbsp;</P> <P>with regards,</P> <P>Akash Thangavel</P> <P>Network Security Engineer</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 04 Mar 2024 09:53:48 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/facing-an-issue-in-a-sd-wan-auto-zone-mapping-to-the-branch/m-p/579125#M2760 AkashThangavel 2024-03-04T09:53:48Z https://live.paloaltonetworks.com/t5/next-generation-firewall/facing-an-issue-in-a-sd-wan-auto-zone-mapping-to-the-branch/m-p/579309#M2761 <P>I have made the mistake of including the wrong subnet to a site when adding sites to the device add for the sdwan plugin which could identify the site incorrectly.&nbsp; Something to check.&nbsp; I have not used autozone yet but it's logical that a subnet identified previously at HUB then used at BRANCH might confuse the plugin.&nbsp;&nbsp;</P> Tue, 05 Mar 2024 15:09:46 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/facing-an-issue-in-a-sd-wan-auto-zone-mapping-to-the-branch/m-p/579309#M2761 delliott_6784 2024-03-05T15:09:46Z