Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4947 Views
  • 0 replies
  • 0 Likes

Resolved! Template not being pushed to new devices

Hi, I have added some new firewalls to Panorama and would like to deploy templates to them. I added them to the correct device groups and stacks and saved on Panorama. When I click push to devices I am getting a lot of errors as seen below.. Why are the new firewalls not being configured with the template configs? These new firewalls are replac...

MAllen_0-1713867717218.png
M.Allen by L2 Linker
  • 3457 Views
  • 2 replies
  • 0 Likes

Panorama fails to upgrade itself with error: Label sysroot1 does not indicate a valid image

Hi all, last time I tryed to upgrade my Panorama, I had this error: "Label sysroot1 does not indicate a valid image". The panorama is working, also I'm able to upload images and content to managed firewall, only I cant upgrade itself. Is not related with upgrade image because is unable to reinstall also the currently installed image. I alr...

staltari_0-1665476121620.png
staltari by L1 Bithead
  • 22704 Views
  • 16 replies
  • 1 Likes

Problem with viewing and downloading 30-day logs on Panorama server

In this case, Panorama is not displaying the logs report correctly. So, I suggested the following : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClK8CAK Then, I shared my action plan: 1. you could access the Panorama tab >set up >log export and reporting and change "Max rows in CSV export" and "Max Rows in ...

F.Pinar by L3 Networker
  • 2083 Views
  • 2 replies
  • 0 Likes

Upgrading 10.1.11-h5 to 11.1.2 directly ?

We have acquired 14XX series firewall for one of our locations, currently running Panorama version is10.1.11-h5 (VM-mode -Microsoft Azure, VM-100, system mode-panorama).This firewall 14xx is only compatible with 11. prior adding 14xx firewall, we must upgrade panorama to 11. we have determined that upgrading panorama to 11.1.2 is preferred opti...

PKN190137_0-1713350821355.png

Panorama Removal

Hi All, Our client is planning to remove panorama and manage their firewalls directly from PAFW GUI. What would happen to policies push from panorama once removed? will it be retained on the FW? What would happen for policies pushed for FW when panorama is still connected? Regards Nicko Panorama @

Panorama Syslog SSL error while writing stream

Hi we encounter issue show as below: Syslog SSL error while writing stream; tls_error=\'SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure\'. location=\'/opt/pancfg/mgmt/syslogng/pan_sysng.cfg:68:3\ found in syslog-ng.log as below: syslog-ng.log 2024-02-14 07:30:33Feb 14 07:30:33 DC1-L4-R25-EXT-PA01 syslog-ng[12083]: Syslog con...

Firewall and Panorama mangement certificate expire

Hi, We recently upgraded the firewall models 3220 and 820 last week and are managing them through Panorama. However, we received an alert message yesterday and also getting the alert message if i logging the panorama. Should we ignore this alert? To check if the certificates are up to date, can we use the command "debug management-server pan...

Prisma Access 3.2 Known Issue CYR-28288

One of our customers was affected by the Prisma Access 3.2 Known Issue CYR-28288 CYR-28288 --> When performing commits or upgrades, a Prisma Access deployment requires internet connectivity; without internet connectivity, certificate validation will fail and commits are not possible. https://docs.paloaltonetworks.com/prisma/prisma-access...

Firewall has the IPSec tunnel but Panorama don't. How to fix?

Hi Guys, We have one of the IPSec tunnel missing on Panorama but it is configured on individual Firewalls (HA pair). The tunnel is up and running. We don't want any downtime on VPN tunnel. Can I simply add missing IPSec tunnel to Panorama and do just " Commit to Panorama"? Or is there something else needs to be done?

MINKU2 by L0 Member
  • 2234 Views
  • 1 replies
  • 0 Likes

XML API not working

I am facing an issue with the Palo Alto API where I am unable to exclude 'policy-and-objects' and 'shared-object' in partial changes. When I try to use the following XML structure in my API request: https://firewall/api?type=op&cmd=<show><config><list><changes><partial><policy-and-objects>excluded</po...

Schedule Firmware Update via Panorama or Schedule NGFW Reboot via Panorama

Title says it all. Need to patch 16 NGFWs in geographically disparate locations. I see that I can schedule config changes and exports I see that I can push firmware in 3 ways: download, download+install, download+install+reboot. I do not see any way to schedule this.I also don't see that I can schedule a reboot alone were I to perform firmwa...

Resolved! How to use "name-of-threatid" for threat types like "spyware"

Hello, I want to filter Panorama Monitoring results based on the field "name-of-threatid" for threat types like "Spyware". But when I click on of the results, I get a filter like this: "... and ( name-of-threatid eq 'Grayware:ZZZZZ.com' )" but when I want to apply this filter I get this error: It seems this field only accepts numbers. Do you ha...

Arman_Zaheri_0-1705929625551.png

How to set the rule order using CLI on Panorama

Hi, when configuring rules using CLI on Panorama, I used the following syntax, however, if I have multiple rules, how do I configure the order of different rules? set device-group DGName pre-rulebase security rules RuleName to xxxxxx set device-group DGName pre-rulebase security rules RuleName from xxxxxx

nowayout by L1 Bithead
  • 2528 Views
  • 1 replies
  • 0 Likes
  • 723 Posts
  • 47 Subscriptions
Labels