This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Impossible to migrate an ae interface to a different speed in Panorama?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Impossible to migrate an ae interface to a different speed in Panorama?

J.Morgan425685
L0 Member

‎06-10-2026 09:57 PM

Quite new to Panorama, but have been working with Palo Alto standalone firewalls for a little while.

 

Client has 2 Active Passive HA FW's in Panorama and an ae1 interface with 4x 1G interfaces as members.

They want to switch this to 4x of the 10G interfaces during an outage window.

Am I right that I should be able to just remove the 4x 1G members, add the 4x 10G members in the template in panorama and the commit to the devices? 

 

Client seems to think that this isn't possible, they read somewhere Panorama wont allow it - apparently some sort of order of operations issue where it wont work due to the mixed speeds, though at no point would we have a mix of interfaces at the same time, but they can't find where they read the supposed article. They believe an export, manual config edit and import is the only way...

 

Has anyone done this exact change and can confirm ? 

 

0 Likes Likes
1 REPLY 1

PavelK
Cyber Elite

‎06-13-2026 10:13 PM

Hello @J.Morgan425685

 

thank you for posting!

 

Unfortunately, I have not done this exact the same operation before, so I can't speak for my own experience, however I spent some time to go through KB articles and documentation. I did not come across any article that reassembles concern of your customer. While there are some limitations what can be configured with AE interfaces from Panorama:

Firewall commit failing with error "aeX 'aeX' is invalid" when new Aggregate Ethernet configuration ...

Push from Panorama to Firewall fails due to invalid configuration - poe is invalid. Not a PoE port 

 

this operation is fully supported:  Configure an Aggregate Interface Group. Especially taking into consideration your customer will arrange maintenance window, I do not see any blocker. If you get an error while committing or pushing configuration to managed Firewall, I would start troubleshooting here based on actual error. In the case you run into an issue with configuration / pushing errors, below commands are helpful to drill down the issue:

Panorama side: mp-log configd.log

Firewall side: mp-log devsrv.log

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 127 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks