This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4918 Views
  • 0 replies
  • 0 Likes

The Panorama IP has been changed on the firewall, but the firewall still has a session to the original IP

Panorama is used for management and log collection. The IP address of Panorama has not changed. There is a firewall outside Panorama, which maps the 3978 port of the firewall's exit IP to Panorama. The managed firewall was originally configured with the private network IP of panorama. Now it is changed to the mapped public network IP. After the ...

Wilbur by L1 Bithead
  • 5315 Views
  • 4 replies
  • 0 Likes

Dynamic Address Group values in Panorama

Is there a way to have the values from a dynamic address group show in Panorama if its placed in the group on a firewall itself? I was looking for a central place where a device can manually be removed from the group if needed and redistributed to all. The thought was for a dynamic address group for IPs that have a malicious wildfire event trigg...

Claw4609_0-1694441426570.png
Claw4609_1-1694441438604.png
Claw4609_2-1694441473457.png
Claw4609 by L5 Sessionator
  • 1088 Views
  • 0 replies
  • 0 Likes

Primary palo alto 220 missing on panorama but I can access it via CLI

Needing your help I'm newbie on Palo alto . We have a Panorama on one of our sites this is PA 200 before I'm seeing the primary on panorama but not its not. Although I can access it via SSH and use the CLI but when I run the show running sync-to-panorama command it was not on list. This panoramas are old ones and slow. The mgmt and policies are ...

weezy by L3 Networker
  • 3472 Views
  • 8 replies
  • 0 Likes

Terraform Panorama Nat Policy group panos_nat_rule_group on panorama is not working - Terraform version = "1.11.1"

Hi Team , We are testing the panos_nat_rule_group on panorama using terraform and somehow it is not working 1) Below is the official terraform documentation for Panorama Nat Policy grouphttps://registry.terraform.io/providers/migara/pan-os/latest/docs/resources/nat_rule_groupThe example provided is not working. When we do ‘terraform plan’ – it i...

Template stack override clear pending change

I mistakenly clicked an override on a template stack and now there are pending changes to be pushed to the firewalls. I tried the revert option in Panorama next to the commit button but it did not show any changes. I tried the Revert to running Panorama configuration and then selected one of the template stacks and clicked OK, when I click on...

HIP Notification + Windows Updates

I have HIP notifications set up when users do not have Microsoft patches greater than or equal 2 severity. I would like to only notify them if it is a Windows Update, specifically security updates. As of now, they are getting the notification for any patch from Microsoft with the severity greater than or equal to 2. I see in the GlobalProtect Ho...

Panorama managed devices lose configuration

On two occasions recently my firewalls stopped functioning correctly following a reboot.The first time affected a single firewall. I restarted the firewall in order to troubleshoot.The second time was after a software update. Both firewalls were rebooted.In both cases when the firewalls came back up they wouldn't process traffic correctly until ...

Template stacks and Vsys1

Hello, I am running into an issue when attempting to create a template stack and vsys1 not being able to be removed. I have a defined vsys that I want to use with all the necessary information already in it and as I start building out my stack I noticed that my preferred vsys is listed under Templates -> <Stack defined> -> virtual ...

generating a vm-auth-key - how to make it persistent

Hi All, On Panorama, is there a way to make a newly generated 'vm-auth-key' persistent so it can survive a reboot? request bootstrap vm-auth-key generate lifetime xxxx we want to set it to a lifetime of one year where we will auto deploy and scale VMs in AWS and have them auto register in Panorama thanks in adv

PA_nts by L4 Transporter
  • 1076 Views
  • 0 replies
  • 0 Likes

Resolved! How are duplicate shared objects identified in Panorama?

I know that when you migrate a firewall into Panorama and you keep the Import device's shared objects into Panorama's shared context box checked, this imports the firewall's objects as shared objects, unless there are duplicates. I'm wondering--how does Panorama identify any duplicates? Is it by the name of the object or other characteristics (s...

MDroyKT by L2 Linker
  • 11582 Views
  • 5 replies
  • 0 Likes

Management server failed to send phase 1 to client sslvpn

Hi All, Commit is getting failed on only Active unit while pushing it from Panorama. Commit Failed from Panorama Error : Management server failed to send phase 1 to client sslvpn Commit is failing only on Active unit while commit is successful on passive unit. Device Details: Panorama : M-500 PAN-OS : 9.1.8 Firewall : PA-5060 PAN-OS : 8.1.18...

Should you track failed login attempts and how ?

How important is it to configure an alerting/incident for failed login attempts to the Palo Alto Panorama or Firewalls. This is for: (1). SAML based authentication (2). Local logins. Should both of them be tracked and do we need to monitor the system logs for any particular "event" for both of them ?

Resolved! Panorama-Local Config Merge in HA

We have a project to clean up the Panorama environment in order to manage changes from Panorama as much as possible. We have a pair of 3020 in A/P HA, already synced to Panorama with some local overrides. I performed the exact steps recommended by Palo on another HA set and it failed initially but was eventually fixed once we figured that "force...

Resolved! Trying to understand how a certificate profile is used for External Dynamic Lists (EDL)

Hello all, I currently have an issue with my firewalls not downloading External Dynamic Lists. Seems to be a certificate profile issue that arose from migrating into Panorama. I am guessing something went wonky with importing the certs, and then pushing them back out to the devices in a device template. I am still working on that! But can some...

  • 854 Posts
  • 47 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks