05-05-2022 08:56 AM
Hello Comunity,
I have a weird issue, we upgrade a cluster to 10.1.5-h1 from a 9.1 version, after the upgrade on the gui i see all the ipsec tunnels duplicated for example i had an ipsec tunnel called vpn_consult, after the upgrade i had 2 ipsec tunnels called vpn_consult, all the tunnels are working, and in the merge-running-config.xml, i see all the tunnels ok, so, no double entries on the config xml.
someone have see this problem?
05-05-2022 09:42 AM
how reset GUI, just entering to that URL?
05-10-2022 03:36 AM
Yeah I get this too. It is a graphic issue only as the duplicates do not appear in the CLI, and are true duplicates which is not possible under config validation.
I manage multiple different customer environments and it seems to have on upgrade to 10.0 or 10.1 (I have not tested 10.2). It has happened consistently on every upgrade I've done. All of these are panorama managed and the tunnels show one Panorama inherited tunnel (correct) and a duplicate copy of the same as firewall local (incorrect).
If any one finds a way to fix it please let us know as it is annoying and confusing to customers.
05-10-2022 03:44 AM
Forgot to mention that it also appears in Panorama. The template shows a single copy of the VPN, however the Template stack shows 2 copies of all tunnels (all of them coming from the same Template which only has a single copy).
Weird bug.
05-10-2022 05:48 AM
I found this on a reddit forum, it looks like someone encounter the same, but i couldnt find this PAN-191466 code to confirm it
"This problem is being cause by a recently discovered issue called PAN-191466. From what I read in our internal database of Panorama issues, this problems started in Panorama 10.1.5 and has not been resolved yet. There were no workarounds listed, but I would assume that going to 10.1.4 or earlier would fix the issue, but I cannot verify this. The future Release Notes will announce when this issue is resolved. Below is some information on this issue."
* The Panorama override option is not available in the template stack to modify the IPSec tunnel settings after the Panorama 10.1.5 upgrade.
* Duplicate IPSec tunnel objects gets created on Firewall/Panorama (Template-stack) WebUI after upgrading after the Panorama 10.1.5 upgrade.
05-15-2022 07:23 AM
We faced the same issue after upgrading from 10.0.7 to 10.1.5-h1.
Any recommendation to fix this yet..?
05-17-2022 03:14 AM
it looks like it will be fix on 10.1.6, but still no confirmation or the error code been public on the palo alto. At least they should public the bug
06-01-2022 06:52 AM
Hello, has anyone had the opportunity to test the 10.1.6 and check if it was fixed there?
06-09-2022 11:35 AM
I can confirm the duplicate tunnels & no override available is fixed in 10.1.6
10-27-2022 10:45 PM
Anyone share the bug ID for duplicate IPSEC tunnels showing on Palo Alto/Panorama in 10.1.5 version ?
11-28-2022 02:40 AM
This has been fixed in Pan-os 10.1.8.
01-13-2023 05:18 AM
Preferred version for 10.2.x branch is 10.2.3-h2
It does not have duplicate tunnels there.
10.2.0 is old and has CVEs fixed in later releases.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
