08-23-2022 02:15 AM
We have a PA-440, running 10.1.3. We have registered the firewall earlier, the Panorama connectivity was fine, we have attached the device to template stacks etc. All looked good. However there was a need to add another template to the stack, and the new template had new values regarding panorama server settings, domain name etc. Since the addition of the new template Panorama connectivity broke.
Support case was opened, tech support file generated, we had live sessions with Paloalto support, provided them GUI and SSH access to both the managed firewall and Panorama. The case is almost two weeks old. We did the "basic" tshoot steps: reboot, sc3 reset etc. Interestingly after the sc3 reset, we generated a new registration auth key and applied it to the Firewall. After that Panorama connectivity restored, but only to the primary Panorama (we have an HA setup). the show panorama-status command shown only the primary Panorama connected. Support suggested to register the firewall manually to the secondary Panorama, after that only the secondary Panorama is connected.
The case is not progressing, I hope someone else faced similar problems like this.
What bothers me how vulnerable the Panorama-FW connectivity is (compared to other vendor's similar solutions) and how long it takes to the support to resolve it...I am afraid that we will need to wipe the box clean and configure it again from scratch.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!