@ms.jzam do you currently have the profiles running on the firewall? If not they will not show up in the current configuration.
Also if you are pushing from Panorama then they will not show up on the local firewall configuration (sorry I didn't think to mention this before). These configs can be shown on the local firewall however they only show as xml (there is no option to change this).
pa-firewall> show config pushed-template
pa-firewall> show config pushed-shared-policy
From Panorama CLI you can view these as well but it is more convoluted to get to a specific firewall config.
Panorama> set cli config-output-format set
Panorama# show device-group <pa-firewall>
Panorama# show template <pa-firewall> config network profiles zone-protection-profile
I am trying to find a maintenance window to test and collect logs and do a packet capture. I am hoping maybe i will get luck tomorrow morning though unlike other places I have worked most users are on the VPN during the work day instead of the off shift or I would have done it by now LOL :P
Ok that's two confirmations on fixing the issue. I think this deserves to be bumped until we can sniff out a solid understanding of what's happening here.
I would love to help on this but unfortenately I can't reproduce the issue at all. Unfortanetly the only way you can enable Packet Drop Logging is if your device is in Common Criteria (CCEAL4 Mode), which I doubt yours are; that would be something to check out though, because if they are you might get your why answer.
The exact ZP settings that you actually had selected at the time you ran into the issue; along with how you actually have the tunnel configured and the IP ranges being used on both sides. Then it would just be how your VPN was actually setup and configured. If you feel more comfortable sending this directly and not posting it on the forum just let me know and you can just email it over to me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!