Panorama managed firewall loses security policies after cloning the policy in panorama and pushing the change

Panorama managed firewall loses security policies after cloning the policy in panorama and pushing the change

435
Created On 05/30/25 09:15 AM - Last Modified 06/12/25 21:16 PM


Symptom


  • Cloning the security policy, that has a long name (62 or 63 characters) in Panorama's Device Group.
  • This rule can be later renamed
  • Commit and push from panorama caused some of the security policies to be removed from the managed firewall.
  • Commit operation will be stuck at 99%.

Environment


  • Panorama
  • NGFW

Cause


Software Issue.  Panorama not able to handle properly the cloning of the security rule that has 62 or 63 characters long name.

Resolution


  1. The issue is fixed under PAN-282069 in PAN-OS 11.2.6 and 11.1.9
  2. Upgrade to the above versions or higher will resolve the issue.
  3. As a workaround, avoid using security policy names consisting of 62 or 63 characters .
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000blURKAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail