https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229129#M124298 <P>Thank you for the reply, all 4 of our firewalls are listed under device association on common services.</P> <P>&nbsp;</P> <P>output from those commands are:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="StianKantebakke_0-1747291559228.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/67611i1B895450D95066B6/image-size/medium?v=v2&amp;px=400" role="button" title="StianKantebakke_0-1747291559228.png" alt="StianKantebakke_0-1747291559228.png" /></span></P> <P>&nbsp;</P> Thu, 15 May 2025 06:46:30 GMT StianKantebakke 2025-05-15T06:46:30Z https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229053#M124291 <P>We have been using CIE for about half a year now for a spesific usecase where we use som groups that are maintained in Entra ID to control network access, monday we were made aware that that access did not update for new users.</P> <P>&nbsp;</P> <P>CIE does have the correct group mapping, but the firewalls does not sync with CIE.</P> <P>&nbsp;</P> <P>Debugging the issue we have found that the firewall does not manage to find the instance of CIE:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="StianKantebakke_0-1747212225376.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/67599iA028FC356C72FD63/image-size/medium?v=v2&amp;px=400" role="button" title="StianKantebakke_0-1747212225376.png" alt="StianKantebakke_0-1747212225376.png" /></span></P> <P>We checked with a second pair of firewalls we have on the same tennant and the same issure happens there.</P> <P>&nbsp;</P> <P>In the logs we have found one supicious event about instance region 'kr' that started monday(have repeated multiple times), but dont find anything in the config that refers to that region:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="StianKantebakke_1-1747212443937.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/67600i448CF2611BC1F07F/image-size/medium?v=v2&amp;px=400" role="button" title="StianKantebakke_1-1747212443937.png" alt="StianKantebakke_1-1747212443937.png" /></span></P> <P>looking at the log in the cli we found some more errors:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="StianKantebakke_2-1747212811193.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/67601iE69FA83F7EDB1E04/image-size/medium?v=v2&amp;px=400" role="button" title="StianKantebakke_2-1747212811193.png" alt="StianKantebakke_2-1747212811193.png" /></span></P> <P>In the traffic log all traffic out from the management ip is allowed. The firewalls device certificate is valid.</P> <P>&nbsp;</P> <P>We have repportet the problem to partner support, have not had the need to use them before so dont know what to expect, but they have broken the 4h responce time at least now <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> <P>&nbsp;</P> <P>So reaching out here to hear if someone got some suggestions of possible errors or have experienced something similar before?</P> Wed, 14 May 2025 09:09:14 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229053#M124291 StianKantebakke 2025-05-14T09:09:14Z https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229056#M124292 <P>make sure the firewall is properly associated to your tenant via common services &gt; device association</P> <P>verify that the device certificate is valid and not throwing an error</P> <P>&nbsp;</P> <P>whats the output of&nbsp;</P> <LI-CODE lang="markup">show device-certificate status show user cloud-identity-engine status all</LI-CODE> <P class="p1">&nbsp;</P> Wed, 14 May 2025 11:03:09 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229056#M124292 reaper 2025-05-14T11:03:09Z https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229129#M124298 <P>Thank you for the reply, all 4 of our firewalls are listed under device association on common services.</P> <P>&nbsp;</P> <P>output from those commands are:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="StianKantebakke_0-1747291559228.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/67611i1B895450D95066B6/image-size/medium?v=v2&amp;px=400" role="button" title="StianKantebakke_0-1747291559228.png" alt="StianKantebakke_0-1747291559228.png" /></span></P> <P>&nbsp;</P> Thu, 15 May 2025 06:46:30 GMT https://live.paloaltonetworks.com/t5/general-topics/firewall-suddenly-stopped-reading-entraid-groups-from-cie/m-p/1229129#M124298 StianKantebakke 2025-05-15T06:46:30Z