Panorama: Device group can't view addresses nor zones in sec policies

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama: Device group can't view addresses nor zones in sec policies

L3 Networker

I recently added a template and device group and associated them with two new PAN 3020s. The template and the device group were clones from similar environments. When I try to edit a security policy or add a new policy and go to the source or destination and try to add a zone or address, there is nothing in the drop down box. Things i have tried:

 

I logged out and back in.

I tried Edge in addition to Chrome. Explorer doesn't work at all (paints a white screen on login). I'm using Win10.

I tried creating a new address object and a new zone. But these likewise would not show up in the sec policy drop down.

I tried creating a dummy device and adding it to the device group.

I logged in a the local administrator of Panorama instead of my AD credentials.

 

I'm new on the job and still don't have a PAN support ID otherwise I'd open a ticket. Do any community members have an idea what might be going on?

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello there.

 

I would encourage you (after we resolve your issue) to log into the PANW education portal and search for an EDU-120 class (self paced Panorama class), it will explain the concepts of Panorama and may give you some tips.

 

I believe you may be missing the reference template for your device group..

 

clipboard_image_1.png

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Thanks. I'm looking forward to trying that out tomorrow.

In what version do reference templates come into play? 

yeah... just confirmed that mine is 9.0, so there is something about your templates that are not been seen, when creating your device groups.

 

 

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Update - I wasn't able to solve the drop down problem. But I was able to work around it by say adding addresses and address groups in the device group. Then when I added the policies I added the names of the addresses (and zones) without using the drop down. After committing and pushing it all worked out it appears on the actual PAN devices. 

 

So at least the crisis was averted. Now if I could just get on the account to open a case.

  • 4906 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!