Firewall Region bug

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Region bug

L2 Linker

Hello,

 

we are experiencing the bug as per the link below

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClicCAC

 

can anyone advise if this has been resolved in release 7.1.x code and if so in what release?

 

Thanks

 

Ryan

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

hi Ryan

 

Did you follow the workaround to fix the issue?

This bug is pretty old, so old in fact it is not tracked for any of the current releases (so i'm pretty sure it's fixed in al currently supported OS releases

 

If you intend to upgrade, I'd recommend going to the last available maintenance release for 7.1 and then plan to move to 8.1 as 7.1 is set to reach end of life in march 2020 (8.0 is set to end-of-life by November 1st 2019)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

hi Ryan

 

Did you follow the workaround to fix the issue?

This bug is pretty old, so old in fact it is not tracked for any of the current releases (so i'm pretty sure it's fixed in al currently supported OS releases

 

If you intend to upgrade, I'd recommend going to the last available maintenance release for 7.1 and then plan to move to 8.1 as 7.1 is set to reach end of life in march 2020 (8.0 is set to end-of-life by November 1st 2019)

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello,

If what Reaper is not working for you. Open a ticket with the evidence so that the dev team can update the lists. They use Arin results, but IP subnets are geting bought and sold and sometime vendors are a bit behind. I had an issue where an ISP in Texas was using Canadian IP's that they purchased. So my user was not able to get to any of our services, we block Canada. 

 

Regards,

@otakar The issue described in the article happens when you create a custom region using one of the built-in names for a region, and then deleting that custom region This locks the region in the idmgr as a custom one even though the custom one was deleted intimated of reverting to the built in (ie creating a custom "BE" region, then deleting that after a while causes the built-in BE to not pick up the iana/ripe/... ip space until you reset the idmgr) :::commit between each step is required::: :::this report is very very (4.1) old:::
Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 4047 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!