Panorama Discussions | Palo Alto Networks

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Multiple Virtual Routers in a single system - Issues with Failover in an Active/Standby setup

Hello,

We have a pair of PA5050 appliances that operate dual virtual-routers in order to provide dual ISP connectivity using eBGP between them. We also have some site to site and AWS VPNs terminating on VR1 and GlobalProtect VPNS terminating in VR

...

Configuring shared interfaces, VLAN interface and virtual switch On Vsys

I am looking for information on following configuration. Reference document, link or video will be a great help.

- How to set up a shared interface for multiple V-sys?

- How to set up VLAN interface (L2/L3) on specific V-sys?

- Do we have a virtual

...

Resolved! Issue with Panorama import

While doing policies import to newly added FW , mistakenly i didn't uncheck the box as shown below in the snapshot ( "Import device's shared object into Panorama shared context ...." , consequently Panorama imported FW template in already created Dev

...

Panarama migration M-100 to M-200

So I have been running my Panorama on an M-100 since I inherited it, now the M-100s are end of life and it is time to move on. So I bought an M-200, seemed reasonable at the time. Now trying to migrate, after working with TAC for a couple of weeks,

...

Logging service license not assigned from Panorama to FW

There's deployment with Panorama and currently one HA PA pair managed by it. Panorama sitting at 9.1.5, firewalls at 9.1.4.

Cortex Data Lake license is assigned to Panorama and seen in the Panorama -> Licenses section. In order for the firewalls to se

...

changing a gateway's management IP?

If i have a gateway managed via Panorama, what would be the steps needed if that gateway's management IP needs to change?

The actual change of IP is straight forward. But then what about the changes needed between Panorama and that gateway?

Resolved! Is Panorama running on 10.1 the only version able to generate a stats dump file for managed firewalls

Is Panorama running on 10.1 is the only version able to generate a stats dump file for managed firewalls? Seems crazy to me but that's what I've been told, how are large customers pulling Stats Dump Files across 100+ firewalls? I'm sure it can be scr

...

Resolved! Panorama (eth1/1) to firewall (Loop0 or vlan interface) configuration push

Panorama (eth1/1) to firewall (Loop0 or vlan interface) configuration push

Hey guys

Not sure if it's a valid solution but I need your advise.

Panorama - M500

FW - PA3220

Scenario 1: Panorama (MGT Interface) <---------- (MGT Subnet) ---------

...

Resolved! Panorama different Dynamic Update Sections

Trying to figure out what Panorama > Dynamic Updates are used for, the Device Deployment updates make sense but not sure what Panorama > Dynamic Updates is actually doing if anything..

Panorama > Device Deployment > Dynamic Updates vs Panorama > Dyna

...

Okta SAML with Panorama - No Self-Signed Cert allowed now

I have a question about the Common Name used on the cert for Panorama SAML login with Okta. Palo is not allowing self-signed cert for SAML anymore and requires the cert to be signed by a 3rd part CA. I need help understanding what Common Name to use

...

Resolved! Network Interface not pushed from Panorama

Hello,

We need to add an extra IP Range to route out one of the existing sub interfaces on the Palo Alto firewall.

The change has been committed and pushed in Panorama but is not showing on the firewall.

Both using version 8.1.3

Firewall network interf

...

Resolved! Panorama: why can't we edit Application settings in Device Groups?

Specifically, why can't we disable the SIP ALG in Panorama, in order to push that out to the firewalls? Even more specifically, why isn't that option available in the Panorama GUI?

It's a real pain having to manually change that on each individual f

...

PAN-OS command for view a rule

Hello,

I am looking for a command in PAN-OS for view one rule created by GUI but I can't find it.

I want to view a rule configured searching it by rule name or by rule number. Best the first option.

Anybody can help me?

Thanks in advance

Update Remote Firewalls from Panorama Fails

Got a bunch of firewalls, and anytime I try to do an install of software from Panorama, I get errors along the lines of "Failed to download PanOS_xxxx-n.n.n. Download error: Couldn't connect to server"
If I go to the firewall appliances themselves, I

...

Resolved! Panorama ingestion from syslog

Is it possible to configure Panorama to ingest syslog messages from a non-Cortex source? I would like to send my VPN logs to Panorama but am not seeing anything but Traps as an option when configuring the ingestion profile.

Discussions

Welcome to the Panorama Discussions!

Rules and Best Practices

Multiple Virtual Routers in a single system - Issues with Failover in an Active/Standby setup

Configuring shared interfaces, VLAN interface and virtual switch On Vsys

Resolved! Issue with Panorama import

Panarama migration M-100 to M-200

Logging service license not assigned from Panorama to FW

changing a gateway's management IP?

Resolved! Is Panorama running on 10.1 the only version able to generate a stats dump file for managed firewalls

Resolved! Panorama (eth1/1) to firewall (Loop0 or vlan interface) configuration push

Resolved! Panorama different Dynamic Update Sections

Okta SAML with Panorama - No Self-Signed Cert allowed now

Resolved! Network Interface not pushed from Panorama

Resolved! Panorama: why can't we edit Application settings in Device Groups?

PAN-OS command for view a rule

Update Remote Firewalls from Panorama Fails

Resolved! Panorama ingestion from syslog

Using Panorama to change controlled firewalls Active/Passive

Unable to change system mode

Error pushing templates from PANORAMA to PA850 device

Process to Rebuild Panorama with Prisma Access & Prisma SDWAN

Panorama - HA - Last primary-suspended state reason: User requested

Re: Using Panorama to change controlled firewalls Active/Passive

Re: Using Panorama to change controlled firewalls Active/Passive

Re: Using Panorama to change controlled firewalls Active/Passive

Re: Loading firewall context in CLI

Re: Panorama upgrade to 10.2.11 - Incomplete log entries

Unlock your full community experience!

Rules and Best Practices

Resolved! Issue with Panorama import

Resolved! Is Panorama running on 10.1 the only version able to generate a stats dump file for managed firewalls

Resolved! Panorama (eth1/1) to firewall (Loop0 or vlan interface) configuration push

Resolved! Panorama different Dynamic Update Sections

Resolved! Network Interface not pushed from Panorama

Resolved! Panorama: why can't we edit Application settings in Device Groups?

Resolved! Panorama ingestion from syslog