This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.
About Panorama Discussions
Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

Discussions

Start a conversation

Welcome to the Panorama Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4911 Views
  • 0 replies
  • 0 Likes

Resolved! Restore Panorama after hardware failure

How do I restore Panorama configuration? I do a "Scheduled Config Export" every night. Old Panorama VM had to be rebuilt from scratch. No access to old VM. I have rebuilt the VM from OVA. When I try to "Import name Panorama configuration snapshot" per restore documents I get an error that the file is not an .xml. What is the procedure to use...

Joel_W by L1 Bithead
  • 7118 Views
  • 3 replies
  • 0 Likes

Tagging all ENIs in AWS with Panorama plugin

The AWS plugin grabs tags of ENIs for EC2 and ALB. It does not get tags for ELB Classic, or ECS or any other ENIs as far as I can tell. I want to be able to control traffic with tags on ENI's attached to things other than ALB/EC2 (e.g. ECS container ENIs, AWS-offered services, etc). Has anyone found a way to get these tags and put them into p...

what is the difference between "commit to panorama" and "save changes"?

I do see commit and config options in Panorama. I am aware that commit option is used to push configuration to Panorama and then to Managed firewalls. I would like to know when to use "save changes" and what is it for under config options.if possible , Please also explain about Lock option. Lock option is used to lock commit when multiple users ...

perumalj by L2 Linker
  • 3895 Views
  • 1 replies
  • 0 Likes

HIP-PROFILES IS A DUPLICATE NODE ERROR

Hello , I got a strange situation on my Panorama 10.0.7 software version . When i'm trying to push security policies from it to managed firewall from a lower OS version like 8.1.x i'm receiving this " hip-profiles is a duplicate node " error . As i understood after some researches is that Panorama is using this HIP-Profile feature , and the ...

Nicu21 by L1 Bithead
  • 2725 Views
  • 1 replies
  • 0 Likes

Is there a way to see all raw data collected by GlobalProtect APP ?

Hi, I see in the below document, that you need to create HIP Object/Profile to view the raw host data collected by the GlobalProtect APP. My question is there a way to skip this step and see all raw host data collected by GlobalProtect APP without defining the HIP object/profile ? https://docs.paloaltonetworks.com/globalprotect/9-1/globalprote...

saswins by L1 Bithead
  • 2282 Views
  • 1 replies
  • 0 Likes

Panorama template limitations

Hi Folks, We had recently migrated HA Firewall pair to Panorama. We had observed that after migration the HA Settings (HA peer IP address, device ID, etc), Management IP address are over-ridden locally on the firewall. I had gone through an documentation stating the limitation of templates. There it is mentioned as Configure the IP ...

So.... Crimea is gone?

Was trying to commit some shared objects and getting an interesting error: Validation Error: shared -> pre-rulebase -> security -> rules -> GeoBlocking_Outbound -> destination 'CE' is not an allowed keyword shared -> pre-rulebase -> security -> rules -> GeoBlocking_Outbound -> destination CE is an invalid ipv4/v6...

Lenz by L0 Member
  • 3285 Views
  • 1 replies
  • 2 Likes

Resolved! Dynamic apps and threats update failed for pattern 8510

We're running a PA-820 physical FW at software level 9.1.12-h3. I tried to manually update the apps and threats pattern published this morning (as we only update daily and it was published about 30 minutes after our system automatically checks). Downloading the pattern works fine, but when I try to install it, it gets to about 49%, then slows do...

SBDC by L1 Bithead
  • 6454 Views
  • 4 replies
  • 0 Likes

Resolved! Panorama log-collector

We have two panorama and newly upgraded to 10.1.3.-h1 and HA and Panorama mode. One log-collector group and two log-collectors . All devices are have them in prefer-list one of log-collectors has 0% avg log/sec . is it normal ?

JeffKim_0-1640199656569.png
JeffKim by L2 Linker
  • 23622 Views
  • 11 replies
  • 0 Likes

Resolved! Question about connection ID Panorama lr or ms

Hello team, What is difference between ID connection ms and lr? I see that daemon is different but I don't undestand the difference between both, Anybody has a sk or similar for I can understand it? I want to confirm that the forwarding is working correctly and why one shows only system logs and the other shows the others. Source IP : De...

Alpalo by L4 Transporter
  • 5086 Views
  • 1 replies
  • 1 Likes

Resolved! Need to upgrade the Panorama version to 9.1.12-h3 to mitigate log4j vulnerability

Hi Team, We are running Panorama on VM-Ware ESXI. We need to install 9.1.12 -h3 version but whlle going to software session to download 9.1.13 h3 we could see multiple PAN-OS versions in 9.1.12-h3 itself. Could anyone let us know which OS-Version we need to download. Had included the screenshots to the post.

tamilvanan_0-1640883861252.png
tamilvanan_2-1640883938750.png

Managing HA Settings of firewall locally instead of managing it from Panorama

Hi Folks, We had recently migrated HA firewall to Panorama using the below documentation Migrate a Firewall HA Pair to Panorama Management: ​ https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-ha-pair-to-panorama-management.html As per below docum...

worldarchitecturenews.com is blocked in URL filtering by news category

The URL: worldarchitecturenews.com was earlier accessible through port 80 but later on it migrated to port : 443 and it became inaccessible. Giving block page when trying to access the URL. The URL is blocked under news category with no Application ID found and action is block-URL. Please suggest how to unblock this URL. So that it becomes ac...

Dhatwar by L0 Member
  • 2469 Views
  • 2 replies
  • 0 Likes

Packet Deny even if there is an allow rule

Hello, we're encountred an issue with SAAS service, we created a security rule but randomly we had issue during connection into the application, after packet capture, I saw a lot of tcp retransmission and client reset When I checked the panorama logs I saw that the rule is not matched and flow is denied but I dont understand why becau...

jguffroy_0-1640167686948.png
jguffroy_1-1640167824901.png
jguffroy_2-1640167920421.png
jguffroy by L0 Member
  • 3691 Views
  • 3 replies
  • 0 Likes
  • 853 Posts
  • 47 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks