Warning: Disabled applications in vsys1

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Warning: Disabled applications in vsys1

L1 Bithead

Hi,

 

For a while when committing we would see the message below because the applications were disabled. We have since enabled all of these applications, but are still seeing the same warning. Curious if anyone else has encountered this, and whether there is a fix for it?

 

Warning:

Disabled applications in vsys1: assembla-base assembla-uploading cellcrypt cloudforge-base cloudforge-uploading fortnite glassdoor-base glassdoor-downloading glassdoor-editing glassdoor-posting glassdoor-uploading google-expeditions gqueues hootsuite-posting hootsuite-sharing hootsuite-uploading jamf matlab ms-store mtconnect paloalto-directory-sync paloalto-logging-service papercut qliksense-cloud-base qliksense-cloud-downloading qliksense-cloud-editing qliksense-cloud-sharing qliksense-cloud-uploading quora-posting quora-uploading rally-software-downloading rally-software-editing rally-software-sharing rally-software-uploading showmax-base showmax-streaming sourceforge-downloading sourceforge-uploading tableau-downloading tableau-editing tableau-uploading watchdox-downloading watchdox-editing watchdox-sharing watchdox-uploading yammer-downloading yammer-editing yammer-sharing yammer-uploading

1 accepted solution

Accepted Solutions

We use a Panorama to manage our firewalls, and while we enabled all the applications on the firewalls, we had not done the same on the Panorama. There is nowhere in the GUI to do this and we didn't know it was required since we have to manage the application status on each FW. I ran the following command on the Panorama for each application we received the message for and this resolved our issue.

 

request set-application-status-recursive status enabled application assembla-base

View solution in original post

4 REPLIES 4

L2 Linker

We've had this happening for a bit now.

 

Runing this command in the CLI showed no disabled app-ids.

request get-disabled-applications

 

Running this command, however, did show disabled app-ids.

show running application disabled

 

According to support this is only a cosmetic issue. They also said that it was fixed in 8.1.14, which we installed and found its still happening now.

 

They suggested this article, which we've not implemented yet.

 

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-new-features/app-id-features/app-id-ease-of-use/...

 

Forgot to mention that we ran this on the disabled app-ids and it made no difference for us.

 

request set-application-status-recursive enable-dependent-apps yes application <appplication-name> status enabled

We use a Panorama to manage our firewalls, and while we enabled all the applications on the firewalls, we had not done the same on the Panorama. There is nowhere in the GUI to do this and we didn't know it was required since we have to manage the application status on each FW. I ran the following command on the Panorama for each application we received the message for and this resolved our issue.

 

request set-application-status-recursive status enabled application assembla-base

With only 4 firewalls, we're not using Panorama.

 

Working with support we ran the command you mentioned. And then ran "commit force." That worked for the passive peer of our HA pair. We're scheduling a window to failover to that for testing. Part of this issue was that the new app-threat updates would break a sec policy. When we reviewed the apps against our policies it didn't match with what broke. A new app-id would only affect security policy A according to the review. When it was enabled it broke policy B.

 

The latest thinking is that content updates are corrupted. But more testing will reveal that.

 

Thanks for replying!

  • 1 accepted solution
  • 16622 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!