A commit from Panorama on a version of PAN-OS 6.0 and later to a Palo Alto Networks firewall running on PAN-OS 5.0, can fail with the following errors on the ms.log:
"Verifying Configuration Error: pan_schema_verify_string(pan_schema_verify.c:361): Node can be at most 31 characters - current length 72 near line 0 Error: pan_cfg_verify_ex(pan_cfg_commit_handler.c:1004): invalid confgiuration. Schema verification failed. rulebase -> security -> rules -> test1234 -> tag N rules -> test1234 -> tag Node can be at most 31 characters - current length 72 Error: pan_jobmgr_process_job(pan_job_mgr.c:2914): error verifying commit candidate"
Cause
The tag character length cannot be greater than 31 to the firewall on PAN-OS 5.0.
On versions prior to PAN-OS 6.0 the tag can contain up to 31 characters.
Beginning with PAN-OS 6.0 the maximum tag length can be up to 127 characters.
If the Panorama is running on PAN-OS 6.0 or higher and is configured with a tag length of more than 31 characters, the commit on the Panorama will succeed.