- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-10-2022 04:55 AM
Hello,
I've got strange behaviour of tamplates and template stack in Panorama. When I configure User Identification - PA Network User-ID Agent, tose settings are not visible unde template stack. Setting on this same tab - Server Monitoring and Include/Exclude Networks are visible in template and can be push to devices.
Template, red marked visible changes, in seetings also I set username, password etc.
Template stack. As you see, marked settings are diffrent. I have only one template, it's new installation.
On devices, as you see some settinge are pushed properly, some, marked red as in template stack. They are default and empty (username and password). So result is obviously Access denied :(.
Any idea what is wrong? I'm new in Palo, but this should be logical and simple.
11-10-2022 03:51 PM
Hello @MarKra
thank you for posting!
The behavior you described is not expected. I tried the same with PAN-OS 10.1.7 and it worked. All the configuration including "Enable Probing" that was configured in a Template was reflected in a Template Stack.
What PAN-OS version are you running? What happens if you override the setting directly in Template Stack?
Kind Regards
Pavel
11-11-2022 02:17 AM
It's
VM Mode | VMware ESXi |
Licensed Capacity (devices) | 25 |
Software Version | 10.2.3 |
When I try do changes directly in template stack, they are gone and back to default values. This is happen in section PA Network User-ID Agent, other section - Server Monitoring and Include/Exclude Networks works properly.
11-11-2022 06:22 AM
I've already tried make a new template stack and attach to it existing tamplate. Same effect, nothing change.
11-13-2022 03:16 PM
Thank you for reply @MarKra
I went through release notes for 10.2.3, but could not find any related bug. From screen shots you provided, the configuration looks correct. I would advice to open a TAC ticket to confirm this is a bug.
Kind Regards
Pavel
11-28-2022 06:21 AM
I've first noticed this bug on PAN-OS 10.2.2. I think it's a GUI only bug, if you check the settings from cli configure, you will see that the settings gets populated:
"show user-id-collector setting"
I would say that the access denied comes from another problem (most of the time windows firewall in my cases)
08-03-2023 10:06 PM
Similarly i have noticed that the gui options in Panorama under device - user identification do not match the options under the same menu on the gateway. I'm running panorama PanOS 10.1 and gateway PanOS 9.1.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!