Unable to reference a shared certificate profile when configuring a shared HIP object in Panorama

Unable to reference a shared certificate profile when configuring a shared HIP object in Panorama

2390
Created On 07/01/24 11:13 AM - Last Modified 01/25/25 04:28 AM


Symptom


  • When creating a shared HIP object in Panorama, you cannot reference shared certificates profiles.
  • The certificate drop-down list on the Certificate tab of the HIP Object configuration window, will not show any configured certificate profile.

Environment


  • Panorama
  • Supported PAN-OS

Cause


Shared template configuration is different from shared objects in DG on panorama. The template configuration cannot be referenced in the shared DG objects, as it might be pushed to devices not managed by that template, causing a commit failure.

Resolution


Option 1: Configure a new Device Group under the Shared Device Group and use it as Parent Device Group for all DG:

  1. In Panorama > Device Groups, click Add to create a new Device Group, and leave "Shared" as Parent Device Group.
  2. In the Reference Templates section, add the Shared template and click OK.
  3. Select each Device Group and change the Parent Device Group from Shared to another Device Group.
  4. In Objects > GlobalProtect > HIP Objects, select the new Device Group in the drop-down menu.
  5. Create the HIP Object. Do not select Shared.

Option 2: Create the HIP Object in the existing Device Group and reference the "Shared" template: 

  1. In Panorama > Device Group, select the existing Device Group and use the "Shared" template under Reference Templates. Click OK.
  2. In Objects > GlobalProtect > HIP Objects, select the Device Group in the drop-down menu.
  3. Create the HIP Object. Do not select Shared.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HDTMCA4&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail