Panorama | Unable to add subinterface

Reply
L4 Transporter

Panorama | Unable to add subinterface

iam facing below error while adding new sub-interface to our firewall – managed by panorama

 

 

Joshan_Lakhani_1-1583227839202.jpeg

 


Accepted Solutions
L6 Presenter

@Joshan_Lakhani,

 

Try deleting the interface, push the config, re-create the interface, push template again.

 

Mayur

Mayur S.

View solution in original post

L0 Member

i am also having this issue but i do not understand these instructions, can you please elaborate on them?


"Remove Panorama Settings (IP address and Don’t import anything)
Click OK
Edit it again and enable both Policy and Device objects.
Click OK
From Panorama, commit Device Group (including the new sub-interface)."

View solution in original post


All Replies
L6 Presenter

@Joshan_Lakhani,

 

Try deleting the interface, push the config, re-create the interface, push template again.

 

Mayur

Mayur S.

View solution in original post

L4 Transporter

subinterface  will show in firewall but not show at panorama.

L6 Presenter

@Joshan_LakhaniIs sub-interface configuration done locally on gateway? I am just curious how configuration is pushed on gateway.

 

Mayur

Mayur S.
L4 Transporter

My Panorama Version is 8.1.7 i went to say when i create sub interface or zone  on panorama and import to firewall it generate this error

L6 Presenter

@Joshan_LakhaniHave you tried to delete config on Panorama, pushed config and then reconfigure same.

 

Also look over here - https://live.paloaltonetworks.com/t5/General-Topics/Reference-not-valid-Panorama/td-p/116085

 

Mayur

Mayur S.
L4 Transporter

i have delete the subinterface from panorama and pushed the template and again reconfigure the interface but issue still same. Can you please tell me is there any bug in 8.1.7 b/c iam not able to see other Firewalls sub interface  on panorama 

L0 Member

i am also having this issue but i do not understand these instructions, can you please elaborate on them?


"Remove Panorama Settings (IP address and Don’t import anything)
Click OK
Edit it again and enable both Policy and Device objects.
Click OK
From Panorama, commit Device Group (including the new sub-interface)."

View solution in original post

L0 Member

just for clarity the fix was to mirror the exact changes you make on panorama on the local firewall. so basically you push the same config you make twice, once each device. then they match up and you get a green sync again. it may be possible to get this to work from Panorama with the "push to devices" or "push to all" but i did not have any luck. Logging into the local firewall, making the changes, committing, the doing the same config again on panorama and committing did fix it.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!