Panorama Project - Security Policies not showing for "all" or specific device-groups

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama Project - Security Policies not showing for "all" or specific device-groups

L1 Bithead

After importing Panorama into a Project the Dashboard show's the full number of security rules but when you go into the policies, select the Panorama xml config and try to vew "all" or for specific device-groups it displays "no data".   Running v1.1.26, Although I was having this issue on v1.1.22 but left it alone while the web gui reload loop was being fixed.

11 REPLIES 11

L2 Linker

I have the same issue, it worked until I upgraded to the latest version. The odd thing is when I choose the device group, nat rules and everything else shows up, but not security policies. 

 

Weird, I am sure there will be an update to fix whatever was broken. 

L5 Sessionator

this is due to a change in default behavior - introduced in 1.1.24 - choosing 'All' displays all policies from all DG's for example.

In prior versions if I had a Panorama connected dg I could see it in security policies. I can see nat and all of the other elements, but not policies. Occasionally when loading I will see a brief flash of the policies and then a blank screen. No weird errors in the logs. 

 

I use Expedition for fifty or sixty ha pairs and selectively choose log export since most of our firewalls generate 15-50gb of logs per day. I don't see any form of resource constraint since our primary VM is in a server farm. 


I loaded it on a vm at my house on a 1.1.24 and it works as expected. I can see the policies, so did I miss something in the release notes?

 

Anyhow, thanks for the help! 

We are not seeing any policies at all, either selecting all or specific device group.

can you create a new project, import the panorama config again and let me know if you are ablew to see the policies in the new project?

 

i'm trying to narrow the issue to a global issue with your Expedition or something that may be specific to the project.

I have removed all devices and projects about fifteen times on the current release and the policies don't show up. If I manually enter a non-Panorama firewall it works. I have tried with about twenty different Panorama managed dg's, none of them show up. I have expanded the dg's and imported them and the Panorama dg's do not show polices, but nat, pbf, and all other objects show up. 

 

 

 

 

Also have done the same process as @kenvizena countless times with similar results, although even if an individual Firewall is imported the policy still doesn't show for a specifc vsys.  As a test iimported the Panorama xml into a test Expedition VM running v1.1.23 and the policies were displaying as expected.  For various reasons I can't transfer the ~80GB of traffic logs to this test VM in order to run ML and produce a Greenfield Policy.  Hopefully we can get this working again in current versions...    

 

@kenvizena can you export project file and email to fwmigrate @ paloaltonetworks.com for debugging.

Yep, I will do it in the morning. 

 

Thanks for the help!

L0 Member

Is there somewhere a solution written?

n/a

Hi @EikeChristian Solution will be upgrade your expedition to the latest version 1.2.51

  • 11563 Views
  • 11 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!