cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Zone Protection profile pushed from Panorama to VM-100 in Azure

L1 Bithead

Hi all,

 

I am having recurring issues deploying zone protection profiles for VM series firewalls in Azure, from Panorama templates, revolving around SCTP settings, whenever I try to push the template the commits are failing with the below error -

 

  • Details:
  • . Validation Error:
  • . network -> profiles -> zone-protection-profile -> Untrusted_Zone-VM100 -> flood -> sctp-init constraints failed : SCTP security is not enabled
  • . network -> profiles -> zone-protection-profile -> Untrusted_Zone-VM100 -> flood -> sctp-init is invalid

However the SCTP settings are not configured on the profile, the tick box is unchecked and settings unchanged.

 

Enabling SCTP allows for it to be accepted, but I don't want to unnecessarily enable it across all the firewalls, it's not enabled on the hardware based firewalls, so why should I have to on the VM series firewalls?  Has anyone else had this issue before,  I feel it must be something obvious I am missing but I can't seem to see it?

 

Thanks.

Tony.

Who Me Too'd this topic