Panorama: Device group can't view addresses nor zones in sec policies

Reply
L3 Networker

Panorama: Device group can't view addresses nor zones in sec policies

I recently added a template and device group and associated them with two new PAN 3020s. The template and the device group were clones from similar environments. When I try to edit a security policy or add a new policy and go to the source or destination and try to add a zone or address, there is nothing in the drop down box. Things i have tried:

 

I logged out and back in.

I tried Edge in addition to Chrome. Explorer doesn't work at all (paints a white screen on login). I'm using Win10.

I tried creating a new address object and a new zone. But these likewise would not show up in the sec policy drop down.

I tried creating a dummy device and adding it to the device group.

I logged in a the local administrator of Panorama instead of my AD credentials.

 

I'm new on the job and still don't have a PAN support ID otherwise I'd open a ticket. Do any community members have an idea what might be going on?

L4 Transporter

Re: Panorama: Device group can't view addresses nor zones in sec policies

Hello there.

 

I would encourage you (after we resolve your issue) to log into the PANW education portal and search for an EDU-120 class (self paced Panorama class), it will explain the concepts of Panorama and may give you some tips.

 

I believe you may be missing the reference template for your device group..

 

clipboard_image_1.png

L3 Networker

Re: Panorama: Device group can't view addresses nor zones in sec policies

Thanks. I'm looking forward to trying that out tomorrow.

L3 Networker

Re: Panorama: Device group can't view addresses nor zones in sec policies

In what version do reference templates come into play? 

L4 Transporter

Re: Panorama: Device group can't view addresses nor zones in sec policies

yeah... just confirmed that mine is 9.0, so there is something about your templates that are not been seen, when creating your device groups.

 

 

L3 Networker

Re: Panorama: Device group can't view addresses nor zones in sec policies

Update - I wasn't able to solve the drop down problem. But I was able to work around it by say adding addresses and address groups in the device group. Then when I added the policies I added the names of the addresses (and zones) without using the drop down. After committing and pushing it all worked out it appears on the actual PAN devices. 

 

So at least the crisis was averted. Now if I could just get on the account to open a case.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!