Firewalls managed by Panorama stop forwarding logs to Cortex Data Lake after Cloud Services plugin 1.4.0 is installed on Panorama (PAN-122804)
Created On 10/10/19 02:53 AM - Last Modified 01/31/20 01:10 AM
Symptom
The Customer ID (also known as the Tenant ID) for Cortex Data Lake disappears from Panorama-managed firewalls after Cloud Services plugin 1.4.0 is installed on Panorama.
Those managed devices stop forwarding logs to Cortex Data Lake while Cloud Services plugin 1.4.0 is installed on Panorama.
The Customer ID can be confirmed with the command below.
Panorama
Note: Even when the issue occurs, the Customer ID is still shown on Panorama.
> show system state | match cfg.saas.custid
cfg.saas.custid: XXXXXXXXX
Firewall
The firewall shows the Customer ID as "0".
> show system state | match cfg.saas.custid
cfg.saas.custid: 0
This issue is tracked as PAN-122804 and was fixed in PAN-OS 8.1.12 and 9.0.4.
PAN-OS 9.0.4 Addressed Issues
PAN-OS 8.1.12 Addressed Issues
Environment
- Cortex Data Lake is used with Panorama, and the firewalls managed by Panorama are configured to forward logs to Cortex Data Lake.
- Cloud Services plugin 1.4.0 or later is installed on Panorama.
- The Panorama PAN-OS version is earlier than 8.1.12 / 9.0.4.
Resolution
Resolution 1: Upgrade PAN-OS on Panorama to 8.1.12 / 9.0.4 or later.
Upgrade Panorama PAN-OS to 8.1.12 / 9.0.4 or later. Then push the Customer ID to the firewalls under Panorama management by refreshing the license.
Follow these steps:
- Navigate to Panorama > Device Deployment > Licenses
- Click the Refresh link
- Select the firewalls and click the Refresh button
> show system state | match cfg.saas.custid
cfg.saas.custid: XXXXXXXXX
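To run the same check across many managed firewalls, the command output can be parsed and compared against the Customer ID shown on Panorama. The script below is an added example, not Palo Alto Networks code; it assumes the output of the command above has already been saved as text for each device, and the hostnames and ID value are constructed placeholders. The "mismatch" status goes beyond the case on this page, which only describes the ID becoming "0".

```python
import re

# Matches the state line itself, not the echoed "> show system state | match ..." command.
CUSTID_RE = re.compile(r"^\s*cfg\.saas\.custid:\s*(\S+)\s*$", re.MULTILINE)

def parse_custid(cli_output):
    """Return the cfg.saas.custid value from captured CLI text, or None if absent."""
    match = CUSTID_RE.search(cli_output)
    return match.group(1) if match else None

def audit(panorama_output, firewall_outputs):
    """Map each firewall name to ok / affected / mismatch / unknown."""
    expected = parse_custid(panorama_output)
    if expected in (None, "0"):
        raise ValueError("Panorama shows no Customer ID; compare against a valid ID")
    results = {}
    for name, output in firewall_outputs.items():
        custid = parse_custid(output)
        if custid is None:
            results[name] = "unknown"    # capture incomplete, re-run the command
        elif custid == "0":
            results[name] = "affected"   # symptom on this page: ID lost, logs not forwarded
        elif custid == expected:
            results[name] = "ok"
        else:
            results[name] = "mismatch"   # generalization: ID differs from Panorama's
    return results

# Constructed sample captures; hostnames and the ID value are placeholders.
SAMPLE_PANORAMA = "> show system state | match cfg.saas.custid\ncfg.saas.custid: 123456789\n"
SAMPLE_FIREWALLS = {
    "fw-branch-01": "> show system state | match cfg.saas.custid\ncfg.saas.custid: 0\n",
    "fw-branch-02": "> show system state | match cfg.saas.custid\ncfg.saas.custid: 123456789\n",
    "fw-branch-03": "> show system state | match cfg.saas.custid\n",
}

if __name__ == "__main__":
    for name, status in sorted(audit(SAMPLE_PANORAMA, SAMPLE_FIREWALLS).items()):
        print(f"{name}: {status}")
```

Firewalls reported as "affected" are the ones that still need the license refresh described above.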
Resolution 2: Open a support case.
If the customer is unable to upgrade PAN-OS immediately because of their situation, open a support case with Palo Alto Networks support when you find the symptom.
OPENING A CASE WITH CUSTOMER SUPPORT
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClNSCA0
Our support engineer will arrange a live debug session and apply a workaround to the environment.