About morahman

a ... View more

Below is the error is from attempting to keep the value to the "hip_profiles" argument as "any" in the secuirty policy rule-set.    An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: ~ update in-place Terraform will perform the following actions: # module.FW_TSA.module.FW_Security_Policies.panos_panorama_security_policy.TSA_FIREWALL_POLICIES will be updated in-place ~ resource "panos_panorama_security_policy" "TSA_FIREWALL_POLICIES" { id = "TSA_DeviceGroup:pre-rulebase" # (2 unchanged attributes hidden) ~ rule { ~ hip_profiles = [ + "any", ] name = "DENY_OUTSIDE_TO_OUTSIDE_GEO_BLOCK" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "ALLOW_OUTSIDE_TO_OUTSIDE_GP" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "ALLOW_DHS_ONENET_TO_OUTSIDE_GP" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "DENY_RFC1918_OUTSIDE" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "DENY_ANY_TO_OUTSIDE_ICMP" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "ALLOW_INSIDE_TO_DC_SERVICES" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "OUTSIDE_TO_TSA_WEST_ADMIN_TOOLS" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "ALLOW_OUTSIDE_TO_OUTSIDE_IPSEC" tags = [] # (21 unchanged attributes hidden) } ~ rule { ~ hip_profiles = [ + "any", ] name = "ALLOW_TUNNEL_TO_TUNNEL_IPSEC" tags = [] # (21 unchanged attributes hidden) Plan: 0 to add, 1 to change, 0 to destroy. Warning: Version constraints inside provider configuration blocks are deprecated on provider.tf line 20, in provider "aws": 20: version = "~> 3.0" Terraform 0.13 and earlier allowed provider version constraints inside the provider configuration block, but that is now deprecated and will be removed in a future version of Terraform. To silence this warning, move the provider version constraint into the required_providers block. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes module.FW_TSA.module.FW_Security_Policies.panos_panorama_security_policy.TSA_FIREWALL_POLICIES: Modifying... [id=TSA_DeviceGroup:pre-rulebase] Error: The request could not be handled on FW_TSA/FW_SecPolicies/Sec_Policies.tf line 5, in resource "panos_panorama_security_policy" "TSA_FIREWALL_POLICIES": 5: resource "panos_panorama_security_policy" "TSA_FIREWALL_POLICIES" { ... View more

When receiving an error from the Panorama REST API, the platform is responding with what appears to be an invalid XML document. Here is the data in question: <response><code>16</code><message>Invalid Credential</message><details><entry @type="CauseInfo"><causes><entry><code>2</code><module>panui_auth</module><description>Invalid Credential</description></entry></causes></entry></details></response> All XML parsers/validators refuse this XML document as being not well formed. Removing the @ character appears to fix the problem.   Full URL Get: https://usdeast01pano.hersheys.com/restapi/v9.1/Objects/Addresses?location=shared&output-format=xml   Parameters (Key | Value) -- Already embedded in the get above: location | shared output-format | xml   Non-Standard Headers (Key | Value): X-PAN-KEY | <Invalid API Key>   Response: <response><code>16</code><message>Invalid Credential</message><details><entry @type="CauseInfo"><causes><entry><code>2</code><module>panui_auth</module><description>Invalid Credential</description></entry></causes></entry></details></response> ... View more

Customer updated all devices to latest PANOS version after receiving the email for  CVE-2021-3064. However, the PANOS versions for the devices are still showing the older version (8.1.6) in the customer support view. Customer can open each devices and change the PANOS version manually. Cx asks, Shouldn't It update the PANOS version on this view by itself? Please advice   ... View more