Policy change pushed to firewall from Panorama is not present on the firewall

Created On 04/11/23 16:49 PM - Last Modified 12/13/24 22:25 PM


Symptom


  • Policy changes made on a device group are pushed to the firewall.
  • After a successful push, the policy is not visible on the firewall.


Environment


  • Panorama-managed firewalls
  • Supported PAN-OS
  • Commit and Push operation


Cause


There are three common causes for this issue:

  • In the Target tab of the policy, the device is not selected.
  • The change has not yet been committed to Panorama before the device push.
  • A full commit (either at the admin level or for all changes) is still pending on Panorama, even after a selective commit.


Resolution


  1. In the Target tab of the policy, "Any" is checked by default. If a specific device is selected instead, ensure the required device is also selected so that it receives the change.
  2. Commit the changes to Panorama before pushing to the device.
  3. Toggle between "Commit All Changes" and "Commit changes made by admin" to check for any pending full commit. Perform a full commit if required before proceeding to push to the device.
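
The Target check from step 1 can be run across a whole device group rather than rule by rule. The following is an added example, not Palo Alto Networks code: it assumes the device-group XML layout of the constructed sample (serial numbers under `target/devices/entry`, an optional `target/negate` flag), covers security rules only, and uses hypothetical function names.

```python
import xml.etree.ElementTree as ET

# Constructed sample, modeled on an exported device-group config (assumed layout).
SAMPLE_CONFIG = """
<device-group>
  <entry name="DG-Branch">
    <pre-rulebase><security><rules>
      <entry name="allow-dns"/>
      <entry name="block-telnet">
        <target><devices><entry name="0123456789AB"/></devices><negate>no</negate></target>
      </entry>
      <entry name="allow-web">
        <target><devices><entry name="0123456789AB"/></devices><negate>yes</negate></target>
      </entry>
    </rules></security></pre-rulebase>
    <post-rulebase><security><rules>
      <entry name="log-all">
        <target><devices><entry name="00AA11BB22CC"/></devices></target>
      </entry>
    </rules></security></post-rulebase>
  </entry>
</device-group>
"""

def rule_reaches(rule, serial):
    """Return True if the rule's target includes the firewall with this serial."""
    listed = {e.get("name") for e in rule.findall("./target/devices/entry")}
    if not listed:  # no devices listed means the target is "Any"
        return True
    negate = (rule.findtext("./target/negate") or "no").strip() == "yes"
    # A negated target applies to every device except the listed ones.
    return (serial in listed) != negate

def skipped_rules(config_xml, device_group, serial):
    """Return (rulebase, rule name) pairs that will not be pushed to serial."""
    root = ET.fromstring(config_xml)
    skipped = []
    for dg in root.findall("./entry"):
        if dg.get("name") != device_group:
            continue
        for rulebase in ("pre-rulebase", "post-rulebase"):
            for rule in dg.findall(f"./{rulebase}/security/rules/entry"):
                if not rule_reaches(rule, serial):
                    skipped.append((rulebase, rule.get("name")))
    return skipped

if __name__ == "__main__":
    for rulebase, name in skipped_rules(SAMPLE_CONFIG, "DG-Branch", "0123456789AB"):
        print(f"{rulebase}: rule '{name}' does not target this firewall")
```

Any rule reported here commits and pushes successfully but never appears on that firewall, which matches the symptom described above.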

