Packet Buffer Protection setting is not applied on firewall zones after successful Panorama template push

Packet Buffer Protection setting is not applied on firewall zones after successful Panorama template push

1800
Created On 06/07/22 21:35 PM - Last Modified 05/20/25 02:45 AM


Symptom


  • Packet Buffer Protection setting is not applied after successful Panorama template push.

On Firewall:

  • CommitAll job from Panorama template push was committed successfully on applicable firewall,
  • However, the Panorama pushed PBP (template) setting did not get applied on firewall
  • system log (show log system) display the job completed.
YYYY/MM/DD 18:41:53 info     general        general 0  CommitAll job enqueued. Enqueue time=YYYY/MM/DD 18:41:53. JobId=10. User: panorama. Type: Full
YYYY/MM/DD 18:41:53 info     general        general 0  CommitAll job started processing. Dequeue time=YYYY/MM/DD 18:41:53. JobId=10.User: panorama  
YYYY/MM/DD 18:41:58 info     general        general 0  Panorama push template PA-820_stack with merge-with-candidate-cfg   flags set.
                                                       JobId=10.User=panorama. Dequeue time=YYYY/MM/DD 18:41:53. TPL version: 30.
YYYY/MM/DD 18:43:59 info     general        general 0  Config installed
YYYY/MM/DD 18:44:42 info     general        general 0  CommitAll job succeeded. Completion time=YYYY/MM/DD 18:44:42. JobId=10. User:panorama


Panorama-PBP.png

Firewall-PBP.png



 

 

Environment


  • Panorama managed Firewalls
  • Supported PAN-OS 

Cause


Packet Buffer Protection (PBP) settings on Panorama Template is not applied as expected.

Resolution


1. Ensure the firewall zone(s) setting is on "Revert" (Solid Green Cog) mode ... (NOT in override mode)
Note: If firewall zone(s) is in override mode, please revert it to Solid Green Cog (Using Panorama Force Template Values)
PA-820 > Network > Zone > Highlight applicable zone > Click on "Revert" on the bottom section (Repeat the same steps on other applicable zones)

2. On Panorama, disable PBP setting on applicable Panorama Template
Panorama > (Template) Network > PA-820 > Select Applicable zone > Disable PBP on applicable zones 

3. Commit to Panorama and Push the updated template to applicable firewall 

4. Re-enable PBP setting on applicable Panorama Template
Panorama > (Template) Network > PA-820 > Enable PBP on applicable zones

5. Commit to Panorama and Push the updated template (with PBP enabled) to applicable firewall

6. Verify on firewall if the PBP setting pushed from Panorama are applied successfully on applicable zones
PA-820 > Network > Zone > Verify the PBP setting

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000Cpw1CAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language