This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4845 Views
  • 0 replies
  • 0 Likes

Panroma using public ip

Hi, we are using multiple paloalto firewall .To manage centrally we are using panorma .But current configuration working through site to site vpn . Can we established the connectivity through internet .It will help us even if the site to site vpn is disconnected. Is it possible in Panorma ?

Resolved! Panorama Rest API - Add ae subinterface

Hello everyone! I am planning to create around 200 new subnets on my firewall managed by Panorama template. We plan to restructure our network. I want to do this via the Rest API of Panorama. I was able to create a ae interface via the API, no problem. But I cannot create subinterfaces for this ae interface. We are running Panorama 10.1.3-h1. ...

Error: . IPSec Tunnel IPSEC_FWNCACAL2_Tun196 Tunnel Interface tunnel.196 has no virtual-router configured.

Hi, I'm setupping an ipsec tunnel for the first time thru Panorama. When I try to push, I got this error: . IPSec Tunnel IPSEC_FWNCACAL2_Tun196 Tunnel Interface tunnel.196 has no virtual-router configured. I verify all setting including the tunnel under interface menu, and the tunnel got the default router selected, but I'm still got the sam...

Panorama Administrators API

Hello Folks,I'm trying to integrate panorama with IGA tool for user access management. We want to create/modify/delete users in Panorama Administrators. Do we have any APIs to achieve this? With this PAN-OS REST API documentation I'm not able to find anything related. Appreciate your help on this.Panorama

Log Collector Redundancy

Hello, We want to configure log redundancy. Below is our infra: 1. Two Locations, both locations is active. 2. In both locations having PA appliances in HA & Panorama VM in panorama mode. 3. Panorama HA is configured between both Panorama. Below is our requirement: How we can achieve log redundancy ? Location 1 PA NGFW logs 1st forward to ...

Resolved! Migration from Panorama M-500 to M-700 - Feedback/Input

I am in the process of planning the best way to approach my Migration from Panorama M-500s to Panorama M-700s. I currently have 2 Panorama M-500s in HA, and 2 M-500s as dedicated log collectors. I have my M-700s setup in the DCs and trying to figure out the best and easiest way to get this migration completed. The 700s Panoramas now have d...

Errors when pushing template to new Palo

I have managed to do a full push of a new template to a new firewall for a migration but I am getting a few errors. They are all related to the virtual router no being configured and one interface ae3.16 is not valid. In my template I have the VR set to default as the current Palo is also using. ae3.16 is reference to use this VR.. why am I g...

MAllen_0-1754649764711.png
MAllen_1-1754649937887.png
M.Allen by L1 Bithead
  • 683 Views
  • 0 replies
  • 0 Likes

Resolved! Correct process for adding new firewalls to panorama and then migrating

I am migrating 820's to 3410s. What is the correct process for adding the two new palos in HA and pushing the new templates and adding them to a device group. Basic configuration is in place. I have cloned the template I wish to use amended the interface settings and added the 3410s to the new stack. When pushing the template I get the error...

MAllen_0-1754595694198.png
M.Allen by L1 Bithead
  • 5065 Views
  • 4 replies
  • 0 Likes

WildFire job stuck at 49% on Panorama M-200 Appliance

Panorama M-200 hung on an active job at 49%. At this writing, it is pushing an hour. Started the upgrade from 10.1.x to 11.1.6-h10. Upgrades through 10.2.0 and 11.1.0 seemed to have worked fine. There are a pair of M200s in HA. The other M200 finally finished the job after about 30 mins. Any ideas? What other details can I provide?

jadanet by L1 Bithead
  • 557 Views
  • 0 replies
  • 0 Likes

Resolved! Commit failure due to ha1-backup interface

I recently imported a new pair of ha firewalls into Panorama; however, when I push the template with the option force template value enabled, I receive the following error: ************************************************************************** High-availability ha1-backup interface ipaddr configured to match peer-ip-backup address ( module: ...

Panorama changes after static route added

We have added a static route to our Palo firewall through Panorama GUI and before committing the change when we compare the candidate config to running config it shows removal of some static route metrics for all static routes, even though we only added one new route. We have added routes in the past and this has not happened. We don't think thi...

Panorama SD-WAN Zone Mapping? No longer needed or no longer available?

I know this has been posted in the past, but I want to check if there are some new answers before reaching out to our SE. There is a "known issue" where the zone mapping tab was removed from Panorama. The current documentation still mentions the need to map the pre-defined zones to existing zones when adding the device to SD-WAN or via CSV. The ...

VRT-JH by L1 Bithead
  • 1109 Views
  • 1 replies
  • 0 Likes

Panorama REST API Discrepancy

Hi folks!I've got a pet project to automate the provisioning of our new site firewall templates via the Pano REST API. While doing some cursory looking, I noticed that there's no endpoint in the v11.1 API docs to interact with ethernet interfaces. I did some RTFM and noticed that previous API versions had the 'network/ethernetinterface' endpoint...

kyleb03 by L0 Member
  • 972 Views
  • 0 replies
  • 0 Likes

Can I Decrypt OpenVPN

Hello, I want to decrypt traffic to my OpenVPN server so I can perform URL filtering and IPS checks on users connecting to it. I have the OpenVPN server's CA certificate and key. Do you have any idea ?

push from panorama to PA firewalal failed because of " is already in use because of policy and NAT already in use)

Hi,We have panorama in 9.1.9 version and PA-220 in same version. we imported configuration from pa to panorama, added just e pôlicy rule and pushed again the template and device group to same firewall. but then we get always pushh failed with errors saying NAT rules and policy rules are already in use ! is that normal ? we have exactly the same...

Elwess by L0 Member
  • 12644 Views
  • 3 replies
  • 0 Likes
  • 845 Posts
  • 47 Subscriptions
Top Solution Authors
View All
Top Liked Posts
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks