Panorama mgmt has been upgraded from 9.1.10 to 10.0.0 and then to 10.1.3-h. Post the upgrade, logs are not showing up in the monitor and not able to commit any changes.
Palo alto firewalls are running with 9.1.6 version; is it a compatibility issue between PAN and firewall. If so what's the best solution. Can we upgrade Palo firewall to 10.0 version or we have to format PAN VM and reconfigure with the backup snapshot?
Thank you for the post @ITISNetwork
Based on my experience after Panorama upgrade it can take up to 1 hour to logs be searchable. If you have just finished upgrade, I would wait a bit. This should not be related to any compatibility. As long as Firewall is running lower PAN-OS version than Panorama will work.
Thank you Pavel for the reply; that's a great news. However I was referring to one of the article and it says if PAN is running with 10.1 ver then Palo firewall should be running with 10.0 version.
Also when we are trying to commit the changes; it is showing an error that the address object group is static and not valid
Thank you for update @ITISNetwork
If logs are still not showing after 1 hours. Could you please check status of ElasticSearch of log collector:
Thank you for quick reply @ITISNetwork
As next thing I would be looking into whether all services are running by checking below from Panorama's CLI:
show system software status
show log-collector-es-cluster health
I would also check for any errors in log: tail lines 200 mp-log ms.log as well as under: Monitor > Logs > System.
Have you tried to reboot Panorama?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!