This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4842 Views
  • 0 replies
  • 0 Likes

Resolved! How are duplicate shared objects identified in Panorama?

I know that when you migrate a firewall into Panorama and you keep the Import device's shared objects into Panorama's shared context box checked, this imports the firewall's objects as shared objects, unless there are duplicates. I'm wondering--how does Panorama identify any duplicates? Is it by the name of the object or other characteristics (s...

MDroyKT by L2 Linker
  • 11286 Views
  • 5 replies
  • 0 Likes

Management server failed to send phase 1 to client sslvpn

Hi All, Commit is getting failed on only Active unit while pushing it from Panorama. Commit Failed from Panorama Error : Management server failed to send phase 1 to client sslvpn Commit is failing only on Active unit while commit is successful on passive unit. Device Details: Panorama : M-500 PAN-OS : 9.1.8 Firewall : PA-5060 PAN-OS : 8.1.18...

Should you track failed login attempts and how ?

How important is it to configure an alerting/incident for failed login attempts to the Palo Alto Panorama or Firewalls. This is for: (1). SAML based authentication (2). Local logins. Should both of them be tracked and do we need to monitor the system logs for any particular "event" for both of them ?

Resolved! Panorama-Local Config Merge in HA

We have a project to clean up the Panorama environment in order to manage changes from Panorama as much as possible. We have a pair of 3020 in A/P HA, already synced to Panorama with some local overrides. I performed the exact steps recommended by Palo on another HA set and it failed initially but was eventually fixed once we figured that "force...

Resolved! Trying to understand how a certificate profile is used for External Dynamic Lists (EDL)

Hello all, I currently have an issue with my firewalls not downloading External Dynamic Lists. Seems to be a certificate profile issue that arose from migrating into Panorama. I am guessing something went wonky with importing the certs, and then pushing them back out to the devices in a device template. I am still working on that! But can some...

Template Variables for Global Protect

Hello, I am wondering if it is possible to set a template variable for for a GlobalProtect tunnel interface? I am trying to configure 2 Gateways and 1 portal for the template. I have reference the Multiple Gateway document. (https://docs.paloaltonetworks.com/globalprotect/10-0/globalprotect-admin/globalprotect-quick-configs/globalprotect-multipl...

Resolved! Public CIDRs over VPN to Oracle Cloud Infrastructure

I have setup a valid VPN connection to Oracle Cloud Infrastructure leveraging to IPSEC tunnels and we can route traffic like ICMP with no problem. When trying to access public cloud services via the VPN with private transit routing through the tunnel into the Oracle Virtual Cloud Network, we simply get no response and se no traffic going over th...

Is Panorama VM able to use the Software NGFW Credits

Hi, I would like to ask if the Software NGFW Credits in Panorama VM deploy in ESXI server? I have successfully use the credits in my PA-VM, but I unable to use it on my panorama vm. Hence, may I know is there anyone has the experience to use the software credits in panorama vm? Thanks

ChinLong by L0 Member
  • 2043 Views
  • 2 replies
  • 0 Likes

Panorama DLP question

Hello, I have tried to enable Enterprise DLP feature on Panorama on-prem. I have installed the DLP plugin on Panorama and firewalls. The firewalls have DLP license activated. But when I try to create a security policy with DLP Data filtering profile, I get this error during firewall commit: Error: Failed to parse security policy (Module: devi...

Resolved! Maximum Panorama version verification

Hi all, New to Palo Alto firewalls and have a question about the maximum version of Panorama that is compatible with the NSX plugin. Am I reading this correctly that the max compatible version of Panorama is 10.2.x for version 5.0.1 of the NSX plugin? Here is a link to the doc I am referring to. I also attached a screenshot of the NSX sectio...

SCollum by L0 Member
  • 1897 Views
  • 1 replies
  • 0 Likes

Resolved! Link to Panorama demo site

Hi All I have the link to the PAN Firewall demo site (https://us1.demo.paloaltonetworks.com) but have forgotten the URL link to the Panorama demonstration site, can someone please help or direct me to the correct Panorama link.

Resolved! Intrazone rule - Can`t ssh

Hi,We have a case where a person is trying to ssh from zone "Safe" to zone "Safe". The src (a backup orchistrator) and dst (a compute) are though in different subnet. In this case he is not able to connect, but can ping.As I understand since the src and dst ip addresses are in the same zones, this traffic is going through the Intrazone rule, and...

Resolved! Panorama out of sync with deviating device and fails with "<Address_Object_Name> is not a valid reference"

A Panorama push was interrupted and now I cannot push changes to devices. Address object names configured on Panorama were changed to new names, but the new names cannot be pushed to devices because the old names previously acquired from the Panorama, which are still configured in the device, no longer exist in Panorama.Address object is used to...

ITGuy by L0 Member
  • 5149 Views
  • 2 replies
  • 1 Likes

upload intermediate certs

We would like to avoid the need to create PEM certs that are copy-paste of text codes as we need to upload many certs on a regular basis. When we upload PKCS12 files - they don't seem to include an intermediate. OTOH it is unclear if one can upload an intermediate and refer to it as such. I was thinking of uploading it into the root CA store but...

veredgf by L0 Member
  • 1523 Views
  • 1 replies
  • 1 Likes
  • 845 Posts
  • 47 Subscriptions
Top Solution Authors
View All
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks