- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
07-10-2022 03:12 PM - edited 07-10-2022 03:17 PM
Service object injected from Panorama, local view on firewall says destination port [ object Object ].
Thank you very much as always.
Can you support and help me by confirming if this is completely normal behavior.
I have a Panorama and I am injecting a new service to two firewalls in HA that share the same Template/Template Stack.
Well my doubt is because if I enter the firewall where it was already correctly injected/push the config the object is like:
Test Object:
Test, it appears in yellow marking that it has been injected from Panorama and but in the column, to see the destination port does not appear the tcp port, which was set from Panorama Device-Group, it only says [ object Object Object ]. If I go, for example, to look at the security policy used by this service and query for the value of the service, I get Name: test Protocol: TCP port: 8888.
In the local firewall Web-Gui:
From PANORAMA WEB-GUI View:
Please can you tell me if this is a totally expected behavior, that when checking directly and locally the object, in yellow, as it comes from Panorama, it only says [ object Object Object ] in the destination port section, but if I check it in the policy when querying for the value if it appears.
Thank you very much, I remain attentive, best regards.
07-10-2022 10:37 PM - edited 07-10-2022 10:37 PM
Thank you for update @Metgatz
you were hitting this bug: PAN-141515 that was fixed in 9.1.4.
Kind Regards
Pavel
07-10-2022 06:05 PM
Thank you for the post @Metgatz
no, this is not expected. The destination port should show up the same way as configured in Panorama.
It looks like you are running on Panorama 9.1.X. Personally, I have been running all versions in 9.1 up to the latest and never hit this kind of issue. Could you please confirm what version you are using on Panorama and Firewall side? Are you able to reproduce this issue or was this just one time thing?
Kind Regards
Pavel
07-10-2022 07:20 PM - edited 07-10-2022 07:23 PM
07-10-2022 07:44 PM
Hello, thank you very much for your reply.
I generated a new service and the same thing keeps happening, in the view directly from the firewall, the destination port is not displayed.
Therefore what I chose was to upgrade the firewalls from 9.1.3 to 9.1.4. Although the strange thing is that if Panorama is in version 9.1.4 and the firewalls in 9.1.3, this at the level of logic and according to the documentation of Palo Alto Networks should work and not have any compatibility problems, however there was that display problem, so do the Upgrade to version 9. 1.4 of the Firewalls, and after that, the service is displayed correctly, showing its tcp destination port, the new one and the one created before, in the web-gui of the firewall directly.
Thank you, best regards
07-10-2022 10:37 PM - edited 07-10-2022 10:37 PM
Thank you for update @Metgatz
you were hitting this bug: PAN-141515 that was fixed in 9.1.4.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!