Open gmmd001 opened 1 week ago
Import to Panorama template with vsys doesn't work today due to a PAN-OS issue with target-tpl-vsys. This is issue ID PAN-257229, and has been addressed, however it's not yet available in any Panorama release.
If you are able to log a support case and reference PAN-257229 and your Panorama version, it will help to prioritise the need to back port the fix.
Thanks for the info. I'll open a case and bug my SE about this too and see if we can get it released.
Describe the bug
Multiple issues when adding certs to a vsys on Panorama - No Trusted CA attribute; stored in Shared; cannot be removed
Expected behavior
Cert gets added to the vsys location, is marked as a Trusted CA and can be removed from the GUI
Current behavior
Specifying a --vsys argument causes the cert load to put the cert in ssl-decrypt/trusted-root-CA xpath, but the certs show up in Panorama with the "Shared" location, the Trusted CA attribute is missing, and the certs cannot be deleted from Panorama: 1- Failed to delete Certificate - 9005-F01C1ACA392882AF152E9F01EC. ° 9005-F01C1ACA392882AF152E9F01EC cannot be deleted because of references from: ° template -> Master-Template -> config -> devices -> localhost.localdomain -> vsys -> TEST Virtual Firewall -> ssl-decrypt -> trusted-root-CA
Possible solution
No idea - I see a comment in the code for vsys loading: if args.vsys is not None:
XXX does not work
so maybe this is a known issue?
Steps to reproduce
Screenshots
Context
Trying to load certs to only one vsys due to election change freeze windows
Your Environment
Panorama 10.2.9-h11 Python 3.10.12 chainguard 0.5.0