- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
02-22-2024 10:36 PM
Hi,
We have recently created cloud NGFW Palo alto on Azure. We have successfully integrated firewall in to the panorama as well. We have created one Device group and added all three new VM-instances from the Cloud NGFW.
Recently one of the VM instance went down. After logging a call with PA TAC , the TAC engineer rebooted the instance on the Azure side and now I am able to see the instance as connected in the Panorama. However I am unable to add the VM instance in to the Device group. If I am trying to push any policy, it is showing only the two instances under the selected device group. Any help to add the one instance in to the existing DG?. If I push the configuration only to the two VM Instances what will happen?. this will impact the traffic flow?. Any help is highly appreciated as I am eagerly looking for a solution for this.
Thanks & Regards
Madhankumar Rangasamy.
02-28-2024 07:20 AM
WHat error do you see when you try adding the firewall back into the devicegroup? Can you run a show devicegroups name <device-group-name> in panorama CLI to verify that the firewall isn't there?
As far as pushing to the DG with the 2 firewalls, it will only impact traffic flow of the third firewall missing from the DG. if the fw is not currently in a DG then it will not receive the push from panorama.
02-29-2024 07:12 PM
Hello @MADHANKUMARRANGASAMY
if you are unable to add a Firewall to Device Group, could you have a look into configuration log: "less mp-log configd.log" to see it can give a reason for a failure?
Kind Regards
Pavel
02-29-2024 10:32 PM
Thanks, Jay, for your reply. There are no errors. After adding the VM-Firewall instance in to the device group, I tried to push the config to the devices. However I am seeing only two devices there and one device is still missing. Anyhow I have raised a Advanced TAC now and PA engineeering team is checking this issue.
02-29-2024 10:34 PM
Hello Pavel, Thanks for your response. I am able to add the device in the group. However, when I am trying to push the config, I am seeing again only two devices in the device group. Anyhow I have raised an advanced TAC now and PA engineering team is checking this issue.
Thanks & Regards
Madhankumar.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!