Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Template stack is partial empty???

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Template stack is partial empty???

L1 Bithead

Hello,

I've got strange behaviour of tamplates and template stack in Panorama. When I configure User Identification - PA Network User-ID Agent, tose settings are not visible unde template stack. Setting on this same tab - Server Monitoring and Include/Exclude Networks are visible in template and can be push to devices. 

Template, red marked visible changes, in seetings also I set username, password etc.

 

MarKra_1-1668084614595.png

 

Template stack. As you see, marked settings are diffrent. I have only one template, it's new installation.

MarKra_2-1668084697838.png

 

On devices, as you see some settinge are pushed properly, some, marked red as in template stack. They are default and empty (username and password). So result is obviously Access denied :(.

MarKra_3-1668084800855.png

 

 

Any idea what is wrong? I'm new in Palo, but this should be logical and simple.

6 REPLIES 6

Cyber Elite
Cyber Elite

Hello @MarKra

 

thank you for posting!

 

The behavior you described is not expected. I tried the same with PAN-OS 10.1.7 and it worked. All the configuration including "Enable Probing" that was configured in a Template was reflected in a Template Stack.

 

What PAN-OS version are you running? What happens if you override the setting directly in Template Stack?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

It's 

VM Mode VMware ESXi
Licensed Capacity (devices) 25
Software Version 10.2.3

 

When I try do changes directly in template stack, they are gone and back to default values. This is happen in section PA Network User-ID Agent, other section - Server Monitoring and Include/Exclude Networks works properly.

I've already tried make a new template stack and attach to it existing tamplate. Same effect, nothing change.

Cyber Elite
Cyber Elite

Thank you for reply @MarKra

 

I went through release notes for 10.2.3, but could not find any related bug. From screen shots you provided, the configuration looks correct. I would advice to open a TAC ticket to confirm this is a bug.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

L1 Bithead

I've first noticed this bug on PAN-OS 10.2.2. I think it's a GUI only bug, if you check the settings from cli configure, you will see that the settings gets populated:

"show user-id-collector setting"

I would say that the access denied comes from another problem (most of the time windows firewall in my cases)

Similarly i have noticed that the gui options in Panorama under device - user identification do not match the options under the same menu on the gateway. I'm running panorama PanOS 10.1 and gateway PanOS 9.1.

  • 2447 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!