IP's under DAGs' not getting pushed to firewall from Panorama Nutanix Plugin
0
Created On 03/18/20 16:03 PM - Last Modified 07/19/22 23:17 PM
Symptom
- Nutanix : IP's not getting pushed to PanOS from Panorama
- Review the output of below CLI command
> show object dynamic-address-group all
Dynamic address groups in vsys vsys1:
----------------------------------------------------
---------------- defined in vsys --------------------
WordPress-WebTier
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppTier.Web'
members: total 0
WordPress-DatabaseTier
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppTier.Database'
members: total 0
Remote_Desktop_Servers
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppType.Remote_Desktop_Services'
members: total 0
chandra-test
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.QA.dev'
members: total 0
--------------- defined in shared ------------------
O: address object; R: registered ip; D: dynamic group; S: static group
----------------------------------------------------
---------------- defined in vsys --------------------
WordPress-WebTier
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppTier.Web'
members: total 0
WordPress-DatabaseTier
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppTier.Database'
members: total 0
Remote_Desktop_Servers
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.AppType.Remote_Desktop_Services'
members: total 0
chandra-test
filter: 'ntnx.PC-Prism_Central.CL-Ntnx-Cluster.QA.dev'
members: total 0
--------------- defined in shared ------------------
O: address object; R: registered ip; D: dynamic group; S: static group
Environment
- Platform: Panorama
- Deployment: VM-Series
Cause
- Firewall can't handle if vsys list has "" (empty) value. The IP tags are not being fetched.
Resolution
- This issue has been addressed in PAN-OS 8.1.14 or later and 9.0.7 and later