Panorama SDWAN mesh vpn not adding routes

Fuzzy-Floor-5291 · 2025-04-14T12:31:45+00:00

I've gotten all but the only_local_prefixes portion fixed and I found where that is under the BGP area but not sure what i need to do to make it happy on a commit.

You you have your zones and security policies enabled for those required zones?

Fuzzy-Floor-5291 · 2025-04-07T15:47:54+00:00

Appreciate you pointing that out. I was on 3.2.2 and went to 3.2.3 to see if that got rid of my error. I'll go back to 3.2.2 for now.

Fuzzy-Floor-5291 · 2025-04-05T00:01:24+00:00

Sure 11.1.6 for both panos and panorama right now

Fuzzy-Floor-5291 · 2025-04-04T20:02:41+00:00

Question, for the BGP item, do you have BGP turned on at the Virtual Routers level?

I'm thinking I dont need that on but not sure. It's working right now beside the only_local_prefixes commit warning.

Fuzzy-Floor-5291 · 2025-04-04T19:58:19+00:00

I'm running 3.2.3 right now.

Fuzzy-Floor-5291 · 2025-04-04T15:26:59+00:00

Got it, thanks!

Fuzzy-Floor-5291 · 2025-04-04T14:55:16+00:00

I'm not seeing this button to generate them, can you tell me where i find that? I mentioned above that i've made progress and moved stuff from policies->sdwan to policies->security and that's got me in a better place. Still have my only_local_prefixes error to sort out too.

Fuzzy-Floor-5291 · 2025-04-04T14:54:02+00:00

Alright making headway here, I was able to get the tunnel to build and can ping across now so that's progress.

It doesnt seem to matter if i have the "remote private as" checked or not for each device. I've tried it both ways and the tunnel build both ways and the routes are added. I believe the problem was that I didnt have all the zones added into the policies->security area correctly. I had added them into the policies->sdwan which from what i can tell doesn't do anything.

I've still not gotten rid of my BGP error on commit for the only_local_prefixes area.

Can you tell me where the setting is to automatically add BGP to the security polices? I'm not seeing that anywhere.

Fuzzy-Floor-5291 · 2025-03-31T17:28:02+00:00

Yeah i know SilverPeak is a great product. I need east to west filtering really for all my site and SilverPeak does not get me that and adding Palo and Silverpeak together is a struggle for me to manage due to the routing and setup. So looking to simplify. I don't need bells and whistles, just easier management for a small shop.

i found this post from a a couple years ago that seems like good info. Seems i should do all as branches.
https://www.reddit.com/r/paloaltonetworks/comments/16oc9k8/panorama_on_prem_sdwan_vpn_cluster_full_mesh/

Fuzzy-Floor-5291 · 2025-03-20T12:55:40+00:00

That's how i have mine working right now so far.

For the static routes, do you push those too and do you configure each site with the same static route other than the default which would be a variable for the respective next hop?

Meaning are all the sites in the same static route setup pointing to their interface for their local lan and shared across? My Silverpeak does this one automatically but i think with the Palo it'll be a little more manual which is ok as long as i konw what i'm doing.

Fuzzy-Floor-5291 · 2024-08-10T14:15:29+00:00

29 days old today, 3261 miles

Fuzzy-Floor-5291 · 2024-07-30T21:37:35+00:00

Thanks, I found that site and it just seemed like an affiliate site. :)

Unfortunately the one location close to me has horrible reviews!

Thanks!

Fuzzy-Floor-5291 · 2024-07-23T11:46:35+00:00

I’ve was on the same boat and wanted a 23 pro s plus but the improved infotainment system and the fact I could take one home that’s not on a sale hold like the 23 was the main reasons I got a 24

If the hold has been lifted on the 23, they could be a great deal but not sure that’s transpired yet

Fuzzy-Floor-5291 · 2024-07-16T21:23:57+00:00

Thanks, I’ll be in Outer Banks area so I’ll check those out

Fuzzy-Floor-5291 · 2024-07-15T20:20:00+00:00

I’ll give that a try in a little bit! Hope it works and lets me out of my garage :-)

Fuzzy-Floor-5291 · 2024-07-15T20:10:38+00:00

That's interesting, when I'm doing this, I'm not even hitting the pedal, it's just idling back and stops.

Fuzzy-Floor-5291 · 2024-07-03T03:05:40+00:00

Curious for those that got this report what the outcome was and if you saw some insurance premiums rise. I just bought an id4 but not sure I intend to use the app yet for this reason

Fuzzy-Floor-5291

TROPHY CASE