Missing ip-netmask, ip-range or fqdn attribute

Reply
Highlighted
Not applicable

Missing ip-netmask, ip-range or fqdn attribute

Just wondering if anyone else has seen this issue. I have a 5.0.2 Panorama managing multiple 5.0.2 firewalls, and a few 4.1.x firewalls.

Suddenly and for no obvious reason, I am getting the following error when trying to commit post/pre rules to ALL device groups:

  • Details:

  • . VSYS1
  • . Error: Missing ip-netmask, ip-range or fqdn attribute
  • . (Module: device)
  • . Commit failed

I have scrubbed the config for any object/group that could be missing the required parameters but I can find nothing. Also, Panorama console now displays the following error when logging in via SSH:

Server error : show -> system -> setting -> multi-vsys  is unexpected

Again, I cannot find anything out of place. I have even gone so far as to compare the pre 5.0.x Panorama config to the current and can find no obvious reason for these errors. All 5.0.2 devices work properly.

Another item of note; Panoram is attempting to push template values to the 4.1.9 devices even though they are not in a template group.

Thoughts? Suggestions?

L5 Sessionator

Re: Missing ip-netmask, ip-range or fqdn attribute

templates were introduced from 5.0,  4.1 devices won't take the template config when pushed.So when you commit to a device group Please uncheck Include Device and Network Templates option and Force Template Values see if it goes away.

L5 Sessionator

Re: Missing ip-netmask, ip-range or fqdn attribute

Are you seeing the missing ip-netmask error when pushing just to 4.1.x devices? Or are you seeing also for PAN-OS 5.0 devices? Also were you able to get commits to work in the past with your current OS versions or did this break after you upgraded or performed some other action? If some action was done prior to seeing these errors, then what was the action?

Not applicable

Re: Missing ip-netmask, ip-range or fqdn attribute

UPDATE: The issue was caused by a dynamic object created as a shared object. Panorama was attempting to commit the shared dynamic object to the 4.1.x devices. I deleted the shared object and re-created it under the device group where it was being used and viola!

L7 Applicator

Re: Missing ip-netmask, ip-range or fqdn attribute

Any idea how to easily find the wrong object in a list of more than 4000 objects?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!