Unable to add one VM-instance in the Device group in the Panorama for cloud NGFW for Azure.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unable to add one VM-instance in the Device group in the Panorama for cloud NGFW for Azure.

L1 Bithead

Hi, 

 

We have recently created cloud NGFW Palo alto on Azure. We have successfully integrated firewall in to the panorama as well. We have created one Device group and added all three new VM-instances from the Cloud NGFW. 

Recently one of the VM instance went down. After logging a call with PA TAC , the TAC engineer rebooted the instance on the Azure side and now I am able to see the instance as connected in the Panorama. However I am unable to add the VM instance in to the Device group. If I am trying to push any policy, it is showing only the two instances under the selected device group. Any help to add the one instance in to the existing DG?. If I push the configuration only to the two VM Instances what will happen?. this will impact the traffic flow?. Any help is highly appreciated as I am eagerly looking for a solution for this. 

 

Thanks & Regards

Madhankumar Rangasamy. 

4 REPLIES 4

Community Team Member

Hi @jm_madhan ,

 

WHat error do you see when you try adding the firewall back into the devicegroup? Can you run a show devicegroups name <device-group-name> in panorama CLI to verify that the firewall isn't there? 

 

As far as pushing to the DG with the 2 firewalls, it will only impact traffic flow of the third firewall missing from the DG. if the fw is not currently in a DG then it will not receive the push from panorama. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

Cyber Elite
Cyber Elite

Hello @jm_madhan

 

if you are unable to add a Firewall to Device Group, could you have a look into configuration log: "less mp-log configd.log" to see it can give a reason for a failure?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Thanks, Jay, for your reply. There are no errors. After adding the VM-Firewall instance in to the device group, I tried to push the config to the devices. However I am seeing only two devices there and one device is still missing. Anyhow I have raised a Advanced TAC now and PA engineeering team is checking this issue.

Hello Pavel, Thanks for your response. I am able to add the device in the group. However, when I am trying to push the config, I am seeing again only two devices in the device group. Anyhow I have raised an advanced TAC now and PA engineering team is checking this issue.

 

Thanks & Regards

 

Madhankumar.

  • 1635 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!