About PavelK

Thank you for reply @Metgatz   could you confirm in Panorama that Firewalls are sending System/Configuration logs? Could you login to log collector, then issue: show logging-status device <Serial Number of one of the Firewall> In the bottom part of the output, there should be entry for config and system logs with "Last Log Rcvd". If you see that logs are coming in, then the issue is within Panorama.   Could you also confirm that under: Collector Group > General > Log Storage > Log Storage Settings > Infrastructure and Audit Logs, there is allocated quota?   Kind Regards Pavel ... View more

Hello @darrenchew   you can upgrade directly from 10.1.5-h2 to 10.1.6-h3.   Kind Regards Pavel ... View more

Hello @Metgatz   could you confirm that Panorama managed Firewalls are configured to send system and configuration logs to Panorama? Please refer in Firewall to Device > Log Settings > System/Configuration. Make sure that "Panorama" check box is selected.   Kind Regards Pavel ... View more

Hello @PPradhan   would it be possible to share the logs where you see this happening?   Kind Regards Pavel ... View more

Hello @PPradhan   this KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCQlCAO gives best answer. In nutshell, the log is showing as allowed as it is not blocked by security policy itself (6 tuple), however traffic if processed further by L7 inspection where it is getting block based on threat signature, therefore this session is in the end blocked with end reason threat.   Kind Regards Pavel ... View more

Hello @DeepakVerma   for received routes, you can use:   show routing protocol bgp loc-rib peer <peer name>   For advertised routes, you can use:   show routing protocol bgp rib-out peer <peer name>   Kind Regards Pavel ... View more

Thank you for the post @rbabu0   in nutshell, unless Firewall's related setting (serial number registration, assignment to DG/TS, log collector assignment) has been deleted from Panorama side, all you have to is to make sure that Firewall is configured with Panorama's IP address and all the required ports are enabled between Firewall and Panorama, then all should work again. Below is detailed break down:    In order to re-enable Firewall to be registered and managed by Panorama make sure that below settings are in place on Firewall side: - Navigate to Device > Setup > Management > Panorama Settings > Edit > Panorama Servers. Make sure that Firewall has configured IP address of Panorama (Secondary IP address is used only in the case you have Panorama in HA). - Make sure that Firewall can reach Panorama IP address. By default management interface will be used for registration to Panorama. - If your L3 Team has used the feature: "Disable Panorama Policy and Objects" & "Disable Device and Network Template", then refer to this KB for recovery: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClffCAC   On Panorama side, make sure that below configuration is in place: - Panorama registers Firewall with Firewall's serial number. Since you mentioned that it was previously registered, likely you do not have to do anything unless somebody has completely deleted the Firewall from Panorama. Make sure that Device State under: Panorama > Managed Devices > Summary is reporting status: "Connected". - If you have to onboard Firewall to Panorama from scratch, please refer to this documentation for PAN-OS 9.1: https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/add-a-firewall-as-a-managed-device For PAN-OS 10.1 and higher refer to this document: https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/manage-firewalls/add-a-firewall-as-a-managed-device The only difference between these 2 versions is the step to add authentication key. - Make sure that Firewall is added to Device Group and Template Stack for configuration pushing and log collector group for log collection.   Kind Regards Pavel ... View more

Hello @AungMyoHtet   would it be possible to get more information? Ideally could you please elaborate on configuration part that is not working well? Do you have any logs that confirm non functionality?   Kind Regards Pavel ... View more

Hello @kodeanuhya   as of now it is 10.0.10-h1. You can always refer to recommended version from below link:   https://live.paloaltonetworks.com/t5/blogs/faq-what-is-the-recommended-pan-os-version/ba-p/436023   Please note that PAN-OS 10.0 is end of life on 16th July 2022.   Kind Regards Pavel ... View more