Error on Commit from Panorama After Migrating Firewalls from BrightCloud to PAN-DB

Printer Friendly Page

Issue

If managed Palo Alto Networks firewalls are migrated from BrightCloud to PAN-DB but Panorama still has BrightCloud, an error may occur when trying to commit from Panorama to the firewalls. The commit error that may appear is:

template > Shared Template > config > devices > localhost.localdomain > deviceconfig > system > update-schedule > url-database Not available for PAN-DB.

Resolution

  1. Disable the shared policies/object and templates settings on the managed devices
    1. Go to Device > Setup > Management tab
    2. Edit Panorama Settings and click 'Disable Panorama Policy and Objects' and 'Disable Device and Network Template'
      Screen Shot 2013-05-21 at 10.16.04 AM.png
    3. Do a local commit on the manage devices
  2. Change the URL-Filtering database on Panorama and managed devices by running the following command (on Panorama and the devices):
    > set system setting url-database (data base name)
  3. On Panorama, run the following commands:
    > configure
    # delete template <template name> config deviceconfig system update-schedule url-database
    # commit
  4. Enable the shared policies/object and templates on the managed devices and commit
  5. Push the template from Panorama to the managed devices.

owner: shasnain

Tags (6)
Comments

It would be nice if someone stitched together this document with Using Panorama to Manage Devices with PAN-DB and Devices Not Licensed for URL Filtering

when device is running 6.0 version, The bright-cloud categories pushed by Panorama will be translated dynamically into PAN-DB categories on the device.

had this on 7.x device, for some reason it freaked out

 

Validation Error:

deviceconfig -> system -> update-schedule -> url-database Not available for PAN-DB
deviceconfig -> system -> update-schedule -> url-database is invalid

 

(active)> set system setting url-database brightcloud

Server error : There are uncommitted changes. Please commit all pending changes and try again.

 

solution:

on local device:

          load config from running-config.xml

          commit force

on panorama:

          commit from panorama