We have an intern who we have given admin rights to our Palo Alto boxes and Panorama. I created a custom Intern role for him that just gave him access to the logs and reports and things but then read only to everything else. What is happening is when he gets on the actual PA5050 box and goes to monitor or ACC where it shows an IP address it actually shows the exact IP like what we all see. But when he goes to Panorama where the IP should be he just sees the subnet. Like 10.10.10.0/24.
I am wondering if it is a code version issue as when we all go in Panorama it shows up right for us. On our actual PA5050 boxes we are running 4.1.6 and on Panorama we are running 5.0.4.
Would this cause the difference? Is there something in the 5.0 code that changes what a non superuser seesles
The information that you see in the Monitor-->Logs of the Panorama should match with the information in the Logs on the Firewall. This behavior looks buggy to me, especially full privileged Admins are able to see a different info than the Custom Role Admins. I would recommend to open a ticket with support for further investigation.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!