This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4918 Views
  • 0 replies
  • 0 Likes

GP -> SAML -> EntraID Windows users vs Mac user experience issues

Got a weird one and I'm on Mac so short of pestering my colleagues reaching out to the greater community while I wait on support to attempt to triage. GP client 6.2.3 - PAN 11.1.2 GP setup; using default browser to support our yubikey users using auth override cookies portal creates gateway accepts Problem comes with a super annoying us...

plupini by L1 Bithead
  • 3328 Views
  • 6 replies
  • 0 Likes

Help finding partial config diff API

I'm working on an integration to segment access to the Panorama feature to review audit comment messages and partial config diffs for policies. In Panorama, if you navigate to Policies -> <select a policy> -> Audit Comment Archive, there are three panels available there; Audit Comments, Config Logs (between commits) and Rule Changes...

Resolved! Cannot push IKE gateway X variable using template (chicken or the egg)

I have run into another 'bug' in 11.0.2 where my Palo Alto (PA-440) is trying to apply a configuration in an impossible order. Or, more likely, this is a Panorama bug of some sort. Screenshot of gateway configuration: Error message from the attempted push from Panorama: network -> ike -> gateway -> vpn-xxx-> local-address -&g...

SteveBallantyne_0-1692131763931.png

Add managed firewall to Panorama without import policy to Panorama

Hi all There are pre-rules, local firewall rules, post-rules and default rules after I added a firewall to Panorama, but when we import the configuration to device group, seems import rules to pre or post rules is a must during the the import operation, then the original local firewall rules will become the pre or post rules after we push the ...

alextsa by L1 Bithead
  • 1869 Views
  • 2 replies
  • 0 Likes

No logging for URL Filtering on Panorama

Hello all, Having some trouble getting URL filter logging to work correctly. The PA is currently running version 10.2.6 When going to Objects > Security profiles > Url Filtering, I do see red text saying a license is needed for URL filtering. But if I read online correctly this is only for advanced URL Filtering? I have gone to O...

NGFW - Panorama registration 3978 : Traffic allowed but RST constantly.

Hi, I was trying to connect a new PA-440 spare device to our existing Panorama infrastructure, when i faced this weird issue as shown in the system logs. It's as if the TCP session starts and abruptly ends on port 3978 leading to a never ending loop of success and failure. The Panorama is natted behind a cisco so i went there to see wha...

OELHANCHI_0-1713863049269.png
OELHANCHI_1-1713863173974.png

Panorama - Failed to update content with following message: encfilesize is 91736928

Hi Mates, Our Panorama Pan OS is 10.0.12-h3 with older content update. While installing 10.1.12 PAN OS it is asking to update the content updates first. While installing content update in Panorama gives below error. Failed to update content with following message: encfilesize is 91736928 No matching apps package found in panupv2-all-contents-88...

Cisco ACI-Plugin for Panorma: IP Subnet of BridgeDomain not being synced

Dear Guys we have a Cisco ACI in place that polcy redirects all traffic to our Palo DC firewall. For creating policies we rely on the Cisco ACI Plugin to sync endpoint information (IPs, Subnets, etc.) from ACI. The issue: The "bridge domain" element is not synced with the corresponding subnet (10.xxx.171.254/22 => 10.xxx.168.0/22) but with ...

Resolved! Panorama import local managed device issue

I added a PA to panorama test lab with version 9.1.11 them import configuration. However I am unable to push config from panorama to PA and I found below errors which showing customized application is in use, then I need to delete many objects and policies on PA firewall to push configuration. I want to know is it a normal practice for Panorama ...

TonyTam by L1 Bithead
  • 13265 Views
  • 4 replies
  • 0 Likes

Errors after deploying template from Panorama

Hi all, I am seeing the below errors after deploying templates to Palo's when attempting to commit HA configuration. I have applied the HA IP so unsure why that is stating ip-address to be configured? Also what is best way to resolve these dynamic list no cert with profile errors?

MAllen_0-1713886027548.png
MAllen_1-1713886065327.png
M.Allen by L2 Linker
  • 1410 Views
  • 2 replies
  • 0 Likes

Resolved! Template not being pushed to new devices

Hi, I have added some new firewalls to Panorama and would like to deploy templates to them. I added them to the correct device groups and stacks and saved on Panorama. When I click push to devices I am getting a lot of errors as seen below.. Why are the new firewalls not being configured with the template configs? These new firewalls are replac...

MAllen_0-1713867717218.png
M.Allen by L2 Linker
  • 3414 Views
  • 2 replies
  • 0 Likes

Panorama fails to upgrade itself with error: Label sysroot1 does not indicate a valid image

Hi all, last time I tryed to upgrade my Panorama, I had this error: "Label sysroot1 does not indicate a valid image". The panorama is working, also I'm able to upload images and content to managed firewall, only I cant upgrade itself. Is not related with upgrade image because is unable to reinstall also the currently installed image. I alr...

staltari_0-1665476121620.png
staltari by L1 Bithead
  • 22303 Views
  • 16 replies
  • 1 Likes

Problem with viewing and downloading 30-day logs on Panorama server

In this case, Panorama is not displaying the logs report correctly. So, I suggested the following : https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClK8CAK Then, I shared my action plan: 1. you could access the Panorama tab >set up >log export and reporting and change "Max rows in CSV export" and "Max Rows in ...

F.Pinar by L3 Networker
  • 2060 Views
  • 2 replies
  • 0 Likes

Upgrading 10.1.11-h5 to 11.1.2 directly ?

We have acquired 14XX series firewall for one of our locations, currently running Panorama version is10.1.11-h5 (VM-mode -Microsoft Azure, VM-100, system mode-panorama).This firewall 14xx is only compatible with 11. prior adding 14xx firewall, we must upgrade panorama to 11. we have determined that upgrading panorama to 11.1.2 is preferred opti...

PKN190137_0-1713350821355.png
  • 854 Posts
  • 47 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks