IP TAG is not getting sync'd to all the vsys in the managed Firewall when pushed from Panorama using XML API user-id script

IP TAG is not getting sync'd to all the vsys in the managed Firewall when pushed from Panorama using XML API user-id script

3090
Created On 07/29/22 18:18 PM - Last Modified 08/08/24 22:57 PM


Symptom


  • Newly pushed IP TAG can be seen under panorama and only synced in vsys1 on the managed firewall.
  • IP TAG doesn't sync in other vsys on the managed firewall even though they have the agent config.

Environment

Cause


Software Issue.

Resolution


  1. The issue is fixed under PAN-193733 in PAN-OS 10.2.4, 10.1.9 and higher version.
  2. Upgrade to the above versions will fix the issue.
  3. As a workaround, Use the Host and Port option to configure the Data redistribution agent in a multi-vsys system instead of using the Serial Number
the screenshots show the host port configuration for redistribution agent
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wlC0CAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language