This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Hide/show local configuration objects

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Hide/show local configuration objects

treysgrun
L1 Bithead

‎06-10-2022 04:16 PM

Was running 9.1 on all firewalls.  10.0 on Panorama.  Then something stupid happened and couldn't sync my HA pairs. I was forced to upgrade everything to 10.1.5.

 

In the name of all that's stupid, on my local firewalls, when I log in, it shows me both the locally configured ipsec tunnel and the panorama configured tunnel object (the green gear). Is it possible to show me just ONE????

 

I have been searching for the last 2 hours for how to hide one or the other - the local or template pushed configuration elements, I don't really care which since they should be identical, and I'm sure it's simple, but why isn't it obvious.  Screenshot for reference - we have over 300 tunnels:

treysgrun_0-1654902933046.png

 

 

 

0 Likes Likes
2 REPLIES 2

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎07-07-2022 06:02 AM

Hi @treysgrun ,

This shouldn't be happening. If overlapping configuration exist between local and panorama pushed, you should see green with yellow gear next to the object. This could be somekind of cosmetic bug caused by combination of sync issue and upgrade.

 

Try the following on the firewall:

- Select tunnel interface, not clicking the name, but rather check the checkbox)

- Click on "Override" button at the bottom. This should open the interface edit dialog, without changing anything click OK.

- Check if now you see only one entry for that interface

- Select the tunnel again and click "Revert" at the bottom.

- You should see single entry with the green gear next to it.

- Commit locally on the firewall.

0 Likes Likes

treysgrun
L1 Bithead
In response to aleksandar.astardzhiev

‎07-25-2022 10:07 PM

Thanks very much for your help.  Your reply seemed reasonable, I have used the override function in the past - mostly when troubleshooting specific problems syncing the local firewall to panorama.  In this case, on the local firewall, there is no "override" option:

 

treysgrun_0-1658811928930.png

 

I am scared to both try and delete the duplicate tunnel, and remove and re-connect the firewall to Panorama.

 

TAC has told me this is a bug, but it's very annoying to think I might have to upgrade again to address another bug.

0 Likes Likes
  • 1789 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks