SD-WAN tunnels on the managed firewalls may disappear after the PAN-OS upgrade on Panorama

Created On 05/27/22 20:38 PM - Last Modified 01/04/25 03:05 AM


Symptom


  • IPsec tunnels suddenly disappear from the Panorama-managed firewalls running in an SD-WAN environment, and tunnel traffic goes down.
  • Downgrading Panorama to the older PAN-OS version does not bring back the IPsec tunnels on the firewalls.
  • The SD-WAN configured tunnels are no longer present in the firewall's local configuration, and they are not present in the Panorama template configuration either, so they cannot be restored from it.


Environment


  • Panorama and Firewalls in SD-WAN environment
  • SD-WAN plugin version 2.0.3
  • PAN-OS 10.0 and above.


Cause


After upgrading the PAN-OS of Panorama integrated with the SD-WAN plugin or after performing a config sync on Panorama to the SD-WAN integrated firewalls

Resolution


  1. Make a minor change to the SD-WAN cluster configuration, one that won't impact the SD-WAN environment (for example, a change to the hub priority), and push it to all firewalls in the SD-WAN environment.
  2. After the commit and push, the managed firewalls restore all the missing IPsec tunnels by themselves.


Additional Information


Configure SDWAN
