This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

APP-ID adoption doesn't output any app-IDs

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

APP-ID adoption doesn't output any app-IDs

Eric.Hernandez
L2 Linker

‎03-09-2021 08:07 AM - edited ‎03-09-2021 09:00 AM


I'm using expedition 1.1.93

 


When I target my any/any rule for app-id adoption, the adoption process finishes, but no app-ids are displayed. This occurs whether I request a slow retrieval or a fast retrieval.

 

 

The same rule(s) work fine with ML and RE (app-ids show up as expected).

 

 

Any ideas? I'm not even sure how to troubleshoot this. Any help is appreciated. Thanks!

 

0 Likes Likes
11 REPLIES 11

Eric.Hernandez
L2 Linker

‎03-09-2021 08:57 AM

something to add... 

 

Initially I didn't have the "APP-ID via LOG" column showing in the security policies table. I've added that column. 

 

Oddly enough, now when I retrieve apps (fast or slow) the "APP-ID via LOG" column disappears from the table. If I add the column again, it's empty. 

0 Likes Likes

lychiang
L6 Presenter
In response to Eric.Hernandez

‎03-09-2021 09:27 AM

Hi @Eric.Hernandez 
For APP-ID Adoption, the important part will be the log connector, please specify the correct PAN-OS device that contains the security policy and logs, make sure Expedition can connect to it via API.  To verify that, you can try to click "Retrieve content -> running configuration and see if the latest configuration has been downloaded.  For more detailed steps, please review Module 1,2,6,7 of the below video playlist for APP-ID adoptions:
 
https://www.youtube.com/playlist?list=PLD6FJ8WNiIqXAfspousboWn6AllrOWVMi
 
Regards,
Lynn
0 Likes Likes

Eric.Hernandez
L2 Linker
In response to lychiang

‎03-09-2021 11:21 AM

Thank you Lynn. 

 

I'm using Panorama, and I have two log connectors each mapped to their respective device group (and devices). 

 

e.g.: 

LC1 = DG1 = devices 1 and 2

LC2 = DG2 = devices 3 and 4

 

 

I could be wrong, but I don't think the log connectors are mis-configure.  ML and RE work flawlessly across both DGs (thus invoking both LCs).

 

 

Do you have any other suggestions or ideas? Thank you again. 

 

0 Likes Likes

Eric.Hernandez
L2 Linker
In response to Eric.Hernandez

‎03-09-2021 11:31 AM

Oddly enough if I exit the project and go into devices, I only see the Panorama device. Retrieving the running configuration of the Panorama device works fine. I can also retrieve connected devices and the content of those devices with no errors.


If I go back into devices and select "show all devices", I now see the FW devices underneath the Panorama instance. If I drill into the FW device directly, and try to retrieve the running config, I receive a remote exception error stating "Please generate an admin API key first".


I was under the impression that I would perform all interaction via Panorama, and that I didn't need to worry about generating API keys at the device level. What do you think?

 

I'm going to look through the config logs and see if the admin user pw was changed anywhere.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks