This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4879 Views
  • 0 replies
  • 0 Likes

Panorama template limitations

Hi Folks, We had recently migrated HA Firewall pair to Panorama. We had observed that after migration the HA Settings (HA peer IP address, device ID, etc), Management IP address are over-ridden locally on the firewall. I had gone through an documentation stating the limitation of templates. There it is mentioned as Configure the IP ...

So.... Crimea is gone?

Was trying to commit some shared objects and getting an interesting error: Validation Error: shared -> pre-rulebase -> security -> rules -> GeoBlocking_Outbound -> destination 'CE' is not an allowed keyword shared -> pre-rulebase -> security -> rules -> GeoBlocking_Outbound -> destination CE is an invalid ipv4/v6...

Lenz by L0 Member
  • 3256 Views
  • 1 replies
  • 2 Likes

Resolved! Dynamic apps and threats update failed for pattern 8510

We're running a PA-820 physical FW at software level 9.1.12-h3. I tried to manually update the apps and threats pattern published this morning (as we only update daily and it was published about 30 minutes after our system automatically checks). Downloading the pattern works fine, but when I try to install it, it gets to about 49%, then slows do...

SBDC by L1 Bithead
  • 6382 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama log-collector

We have two panorama and newly upgraded to 10.1.3.-h1 and HA and Panorama mode. One log-collector group and two log-collectors . All devices are have them in prefer-list one of log-collectors has 0% avg log/sec . is it normal ?

JeffKim_0-1640199656569.png
JeffKim by L2 Linker
  • 23304 Views
  • 11 replies
  • 0 Likes

Resolved! Question about connection ID Panorama lr or ms

Hello team, What is difference between ID connection ms and lr? I see that daemon is different but I don't undestand the difference between both, Anybody has a sk or similar for I can understand it? I want to confirm that the forwarding is working correctly and why one shows only system logs and the other shows the others. Source IP : De...

Alpalo by L4 Transporter
  • 5046 Views
  • 1 replies
  • 1 Likes

Resolved! Need to upgrade the Panorama version to 9.1.12-h3 to mitigate log4j vulnerability

Hi Team, We are running Panorama on VM-Ware ESXI. We need to install 9.1.12 -h3 version but whlle going to software session to download 9.1.13 h3 we could see multiple PAN-OS versions in 9.1.12-h3 itself. Could anyone let us know which OS-Version we need to download. Had included the screenshots to the post.

tamilvanan_0-1640883861252.png
tamilvanan_2-1640883938750.png

Managing HA Settings of firewall locally instead of managing it from Panorama

Hi Folks, We had recently migrated HA firewall to Panorama using the below documentation Migrate a Firewall HA Pair to Panorama Management: ​ https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html As per below docum...

worldarchitecturenews.com is blocked in URL filtering by news category

The URL: worldarchitecturenews.com was earlier accessible through port 80 but later on it migrated to port : 443 and it became inaccessible. Giving block page when trying to access the URL. The URL is blocked under news category with no Application ID found and action is block-URL. Please suggest how to unblock this URL. So that it becomes ac...

Dhatwar by L0 Member
  • 2447 Views
  • 2 replies
  • 0 Likes

Packet Deny even if there is an allow rule

Hello, we're encountred an issue with SAAS service, we created a security rule but randomly we had issue during connection into the application, after packet capture, I saw a lot of tcp retransmission and client reset When I checked the panorama logs I saw that the rule is not matched and flow is denied but I dont understand why becau...

jguffroy_0-1640167686948.png
jguffroy_1-1640167824901.png
jguffroy_2-1640167920421.png
jguffroy by L0 Member
  • 3641 Views
  • 3 replies
  • 0 Likes

Resolved! HTTP Response traffic

Hi guys, I have been seeing that when making an http connection that goes through the PA firewall, the request is logged, but the return message is not, that is, when in panorama I filter the traffic by source ip I see the http request but I do not see the response from the server. I mean, I don't see any log with source ip = server destination...

viri4to by L0 Member
  • 3750 Views
  • 1 replies
  • 0 Likes

Resolved! Failure to Commit changes in Panorama after removing a firewall as managed device

I removed a firewall that is managed through Panorama by going to Panorama > Managed Devices > Summary, selecting my firewall then selecting delete. This removed the firewall for me succesfully. However, when I go to make a Commit in Panorama it throws an error saying When I search for that serial number in Panorama it sure enough comes ...

popeja_0-1640092986664.png
popeja by L2 Linker
  • 5792 Views
  • 3 replies
  • 0 Likes

Log4j

What would I look for in logs if I were looking to see we had already been owned by this?

Panorama upgrade to 10.1.3-h

Panorama mgmt has been upgraded from 9.1.10 to 10.0.0 and then to 10.1.3-h. Post the upgrade, logs are not showing up in the monitor and not able to commit any changes. Palo alto firewalls are running with 9.1.6 version; is it a compatibility issue between PAN and firewall. If so what's the best solution. Can we upgrade Palo firewall to 10.0 ve...

Resolved! New Object not showing in Panorama

Hello, We are trying to build templates with IP addresses that are relevant to a device group. I have created a TEST_TEMPLATE under Panorama>Templates with NO devices added yet. Then created 'CORP' in the Device Groups.After this, created a device group object: Test_Object and commit to Panorama: successful.Under Network>Interfaces, tried ...

Farzana by L4 Transporter
  • 6158 Views
  • 3 replies
  • 0 Likes
  • 847 Posts
  • 47 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks