This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About PSCH
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About PSCH
01-13-2023
2Posts
1Like
0Solutions
Jan 13, 2023Last Visited
User
Activity
User
Profile
Latest posts by PSCH
| Subject | Views | Posted |
|---|---|---|
| 5448 | 01-25-2022 11:43 AM | |
| 5496 | 01-24-2022 03:24 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 01-25-2022 11:43 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-21-2022 10:14 AM |
| Date Last Visited | 01-13-2023 09:35 AM |
| Posts | 2 |
| Total Likes Received | 1 |
01-25-2022
11:43 AM
1 Kudo
Hey, thank you very much for your fast reply! I installed the update the night before and just wanted to report that it works with 10.1.4, when I saw your reply.
In addition: The panorama and also the local firewall needed the 10.1.4, afterwards I removed the tag from the device in panorama and committed and pushed it. After readding the tag and committing and pushing the changes, the rules appeared again.
Best regards
Short update: In my case it was enough to trigger a manual push of the device-group settings to the upgraded firewall, also if there are no pending changes. Just select the device-group and push it. Afterwards the rules handled by tag are appearing again.
Best regards
... View more
01-24-2022
03:24 AM
Hi,
I recognized the same problem today in two locations with PA-220. The users cannot login to GlobalProtect anymore, because the NAT and security policies which are applied by tag are not visible on the local devices anymore.
First just one location. Users told me about connection problems with GlobalProtect. By a look on the firewall I saw that the policies are missing, in the Panorama they were visible. I saw that there was an outstanding push on the Panorama, the preview showed that the policies I was missing should be applied to the location where they were missing. Very strange, because we just wanted to commit and push some shared objects to all locations. I pushed it and hoped it solves the problem. After the successful commit the policies still were not visible on the local device, just on the Panorama.
I tried a reboot of the Panorama and a reboot of the local firewall device without any improvement. Both locations with same configuration were running one month without any problems after the firmware upgrade to 10.1.3, since today. For testing I tried to trigger a new push of polices by applying a new security policy (also by tag) to the device-group-level where the two locations get the other policies (applied by tag) from. After the commit and push the second location, which was running fine up to this moment, got the same problems as the other one, the policies (the old ones) were not visible on the local device anymore. The new one for testing neither.
Panorama firmware version: 10.1.3-h1
My workaround: I cloned the polices (security and NAT) to each local device-group-level and deleted the device tag. Not nice, but working.
The answer from the Nikolay_Dimitrov does NOT point to the problem we described.
Best regards
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
01-13-2023
09:35 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks