Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Firewall Down Can't Override Panorama Managed Policies/Settings

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Firewall Down Can't Override Panorama Managed Policies/Settings

L0 Member

Last week we lost one of our sites Acitve/Passive firewalls.  An event appeared to happen, that caused the firewalls to try a failover.  However the failover failed, and the firewalls were in a "hung" state.  When I had smart hands plug into the MGT port, I was able to get into the GUI.  The ports all showed "down"(or gray).  Previous admins set the network interface IP addresses, NAT policies, and other settings using names objects.  The firewall logs showed "invalid reference" errors on these settings(like NAT, and interface).  So I wanted to go into NAT, and the interface IP settings, and change them directly to IP to get rid of the invalid reference errors.  This didn't work.  I couldn't override the Panorama mgmt.  The override option was also grayed out.  Was curious if anyone had any suggestions?  I have opened a case, with Palo, for next week.  Thanks for all of your help!

2 REPLIES 2

Cyber Elite
Cyber Elite

@StavrosZannikos

It kind of sounds like you were logged into the device with an account that wasn't a Superuser. Can you verify what permissions you actually have on the local firewall. 

Thank you for your reply!  The account is the super user account(local account since we can’t AAA due to the firewalls not having network connectivity).  It seems there’s some kind of lock from panorama.  

  • 1453 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!