- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-16-2024 06:25 AM - edited 10-16-2024 06:27 AM
10-16-2024 06:21 PM
Hello @C.Stuart
could you try to set TLSv1.3_Firewall profile from drop down list directly in Template Stack instead of Template to see it can push to Firewall?
Kind Regards
Pavel
10-16-2024 08:28 PM
Hi @C.Stuart ,
You may need to Force Template Values, but that is dangerous because all of the template stack configurations will override the local configuration. Let's put that on hold right now.
Instead you may try to delete the command from the CLI. Maybe None is not the default. Don't commit. Then push from Panorama with the Edit Selections > Templates > Merge with Candidate Config box checked.
Thanks,
Tom
10-17-2024 02:29 AM
Hi Both,
Thank you for your responses. It never occurred to me that you could change the settings on the stack (relatively new to Panorama). The changes appear to be reflected in the Template Stack. Regardless, I have set the values on the template stack directly and I still get the same result. Everything except the SSL/TLS Service Profile is set. Just to confirm that it is working, I have also set some additional values that were also applied to the Firewall.
I've attempted to push to the Firewall with the 'Merge with Candidate Config' set although this was checked by default anyway. Unchecking, yields the same result as well. Similarly, I have also gone as far as forcing template values and, unfortunately (somehow), this has not worked either.
Kind regards,
Carl
10-17-2024 03:07 PM
Hello @C.Stuart
thank you for reply.
Could you please confirm PAN-OS version running on Panorama and on Firewall? I came across known issues in some versions where Panorama pushed configuration was not applied in Firewall.
Kind Regards
Pavel
10-20-2024 03:23 PM
Hello @C.Stuart
thank you for reply.
I can see below addressed issue in PAN-OS 11.1.4:
PAN-244746
Fixed an issue where changes committed on Panorama were not reflected on the firewall after a successful push.
Also, there is another addressed issue in PAN-OS 11.1.5, however since you are able to push certificates and able to apply them through profile it might not be related:
PAN-251035
Fixed an issue where selective push operations did not push certificate changes to the firewall.
If you decide to upgrade Panorama, I would recommend to go straight to 11.1.5 to avoid the upgrade issue discussed in this thread: Unable to upgrade Panorama to 11.1.4-H1.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!