In virtual-router all tunnel interfaces are listed as "tunnel"

Reply
Highlighted
L2 Linker

In virtual-router all tunnel interfaces are listed as "tunnel"

I have added three tunnel interfaces (tunnel.101, tunnel.102, tunnel.103) and assigned them to a virtual router. Now I want to add static routes pointing to the tunnel interfaces as next hop.

I have discovered that all tunnel interfaces are listed as "tunnel" - and not "tunnel.101", "tunnel.102", "tunnel.103".

I believe that this is a bug?

BR,

Nicolai

L4 Transporter

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

dear nicolai

what version are you running?

can you provide a screenshot?

L2 Linker

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

In fact it looks as if all sub-interfaces are listed incorrectly. I have several sub-interfaces on ethernet1/11.

Version 3.0.1 Last Revision: May 21 2015 00

tunnel_if.png

L4 Transporter

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

dear

looks like a bug to me

but this is also already a very old PanOS version

please upgrade to at least 5.x or higher

L2 Linker

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

I am referring to the version of the migration tool :smileyhappy:

The PanOS version is 6.0.x.

L7 Applicator

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

Hi,

Yes its a Bug, let's fix it. question is why dont you use the Firewall or Panorama for configuration purposes instead to use the Migration Tool? :-p

Regards

L2 Linker

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

Thanks.

I am migrating from a firewall that is not zone aware and using rule based VPN - and a lot of VPN related rules. By defining tunnel interfaces and routes in the migration tool I could have auto-assigned zones to the VPN rules.

However, because of this bug I now do the assignment of zones manually.

BR,

Nicolai

L7 Applicator

Re: In virtual-router all tunnel interfaces are listed as "tunnel"

As a workaround maybe you can export your config from the MT3 to your firewall, make the changes there and export it and re-load into the MT3 and then run the auto-zone?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!