About crostron76

Thanks @JimmyHolland, you were spot on.  I had been close with a few commands I had tried throughout the day, and after this post had figured out I needed [@name='localhost.localdomain'], but still couldn't quite get the syntax correct.   On my system since I use curl running from Windows and have a WebUI certificate issued from the device itself I needed a few little tweaks to your command.   This was the winner for me: curl -X GET "https://<firewall-fqdn>/api/?key=<key>&type=config&action=set&xpath=/config/devices/entry[@name='localhost.localdomain']/network/tunnel/ipsec/entry[@name='IPSec-Tunnel-Name']&element=<disabled>yes</disabled>" --ssl-no-revoke   1> I had to add the double quotes to the command to keep Windows happy. 2> Adding the --ssl-no-revoke element to the command to avoid to schannel revocation error.   Of interest, this device is not managed by panorama so it is a bit strange that initial error I was getting, I too thought it was behaving like the config was pushed by Panorama.  However it’s not, this firewall is stand alone and not managed by any panorama instance, as such there is no override command to use.   Thanks again for helping, much appreciated. Chris. ... View more

Thanks @ashleyk for sharing this.  Setting up and Azure PA-VM today I made these same initial setup errors.  My deployment is almost identical to yours, minus the VPN.  Once I moved to Static IP address on the public interface and static routes as prescribed by you, traffic started flowing.  ... View more

Thanks so much Crostron76.    I will apply proposed solution and test it with my users. I will post results once issue fully resolved. Awsome!! ... View more