The connection between the Prisma Access Cloud and the on-prem devices is usually based on the IPSEC protocol for site to site VPNs. For extra security, configure Prisma Access to be the VPN responder and the on-prem firewall/router as the VPN initiator.
This article is based on a discussion, Panorama Issue - cannot edit an interface on a template stack, posted by @Kai_Ulrich and answered by the Support Team. Read on to see the discussion and solution!
I cannot open/edit anything in a template stack under template->network->interface
Zones and other things in the stack are working fine but if I click on an interface e.g. ethernet1/1 the window for the interface is popping up for some milliseconds and is closing directly.
Ive tested serval browsers on serval computers - restarted and updated panorama.
the editing on a template works well:
but not on a template stack (all stacks)
As panorama admin everything is working. The problem is only happen when I use a user with the type "Device Group and Template Admin"
Ive created a user with the type "DeviceGroup and Template Admin" and one access domain and one admin role.
in the admin role Ive enabled everything for the WEB-UI excluding panorama, save for other admins and commit for other admins but the network part is completely allowed.
The template and the stack re also included
I m using Panorama 10.0.7 (same problem was also with 10.0.6 and 10.0.5)
i couldn't find anything on the internet and just don't know what to do. i've been despairing about this problem for a very very long time. Maybe someone can help me , maybe it is a really stupid configuration issue. but i cannot find it. i played a lot with the rights but only as panorama admin it works in the stack.
Thanks a lot!
Hello @PavelK ,
here the answer from Palo Alto:
I would like to update that we have been able to replicate this issue in our lab. It seems as if the concerned issue is only observed for the DG&T admin when SDWAN plugin is installed but not configured on Panorama. We are discussing this internally if it requires another code change or the aforementioned change in 10.1.3 should be sufficient. Meanwhile, since i see that the SDWAN is not configured on this Panorama, as a workaround we can remove the SDWAN plugin from this Panorama if acceptable.
I've uninstalled the plugin and it works