Umbrella SIG tunnel to Palo Alto NGFW

geronimo95 · ‎04-21-2023

Need to onboard a PA box to SIG.

Did all according to the documentation and it looks like there's no response from the Umbrella side.
Since it has no VPN logs whatsoever - any tips on how to tshoot this?

marce1000 · ‎04-22-2023

- Do you have any (informative) logs at the Palo Alto side (if possible enable debugging levels and or checkout https://docs.paloaltonetworks.com/prisma/prisma-sd-wan/prisma-sd-wan-ion-cli-reference/use-cli-commands/debug-commands/debug-logging-facility )

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

geronimo95 · ‎04-22-2023

Tunnels is from their NGFW, not SD-WAN box and logs show that Umbrella is not responding at all.

geronimo95 · ‎05-12-2023

bump

geronimo95 · ‎05-03-2023

bump

Marvin Rhoads · ‎05-12-2023

I assume you are using one of their data center addresses (https://docs.umbrella.com/umbrella-user-guide/docs/cisco-umbrella-data-centers) and have defined the tunnel in your SIG dashboard already (Deployments > Core Identities > Network Tunnels).

If all that checks out, then I would open a ticket with Umbrella support.

geronimo95 · ‎05-16-2023

Correct.
The support route is taking too long (don't get me started on TAC nowadays...)
I was wondering if someone configured this contraption before as for the love of me I can't understand why something so trivial is like trying to teach a pig to fly with Umbrella.