unable to connect to Panorama error "TSL-SESSION-DISCONNECTED"

Hi Team,

I am unable to add my gateway to Panorama, It is showing system logs TSL-SESSION-DISCONNECTED in panorama,

It is connecting and disconnecting every minute. When I supply command show devices in panorama, The predefined certificates not

The Panorama IP has been changed on the firewall, but the firewall still has a session to the original IP

Panorama is used for management and log collection. The IP address of Panorama has not changed. There is a firewall outside Panorama, which maps the 3978 port of the firewall's exit IP to Panorama. The managed firewall was originally configured with

Dynamic Address Group values in Panorama

Is there a way to have the values from a dynamic address group show in Panorama if its placed in the group on a firewall itself? I was looking for a central place where a device can manually be removed from the group if needed and redistributed to al

URL download blocked and unable to remove block for user to access the download.

How do I get a URL download unblocked that is not on the block policy in Panorama, found to be low risk in test a site, and found to be benign when analyzed by wildfire.

Primary palo alto 220 missing on panorama but I can access it via CLI

Needing your help I'm newbie on Palo alto . We have a Panorama on one of our sites this is PA 200 before I'm seeing the primary on panorama but not its not. Although I can access it via SSH and use the CLI but when I run the show running sync-to-pano

Terraform Panorama Nat Policy group panos_nat_rule_group on panorama is not working - Terraform version = "1.11.1"

Hi Team ,

We are testing the panos_nat_rule_group on panorama using terraform and somehow it is not working

1) Below is the official terraform documentation for Panorama Nat Policy group
https://registry.terraform.io/providers/migara/pan-os/latest/doc

Template stack override clear pending change

I mistakenly clicked an override on a template stack and now there are pending changes to be pushed to the firewalls.  I tried the revert option in Panorama next to the commit button but it did not show any changes.

I tried the Revert to running Pa

HIP Notification + Windows Updates

I have HIP notifications set up when users do not have Microsoft patches greater than or equal 2 severity. I would like to only notify them if it is a Windows Update, specifically security updates. As of now, they are getting the notification for any

Panorama managed devices lose configuration

On two occasions recently my firewalls stopped functioning correctly following a reboot.

The first time affected a single firewall. I restarted the firewall in order to troubleshoot.

The second time was after a software update. Both firewalls were rebo

Template stacks and Vsys1

Hello,

I am running into an issue when attempting to create a template stack and vsys1 not being able to be removed. I have a defined vsys that I want to use with all the necessary information already in it and as I start building out my stack I no

generating a vm-auth-key - how to make it persistent

Hi All,

On Panorama, is there a way to make a newly  generated  'vm-auth-key' persistent so it can survive a reboot?

request bootstrap vm-auth-key generate lifetime xxxx

we want to set it to a lifetime of one year where we will auto deploy and sc

Management server failed to send phase 1 to client sslvpn

Hi All, Commit is getting failed on only Active unit while pushing it from Panorama.

Commit Failed from Panorama

Error : Management server failed to send phase 1 to client sslvpn

Commit is failing only on Active unit while commit is successful on

Should you track failed login attempts and how ?

How important is it to configure an alerting/incident for failed login attempts to the Palo Alto Panorama or Firewalls.

This is for:

(1). SAML based authentication (2). Local logins. 

Should both of them be tracked and do we need to monitor the sys