Committing template configurations when referencing Device Group objects

Committing template configurations when referencing Device Group objects

31418
Created On 09/26/18 13:48 PM - Last Modified 06/01/23 21:01 PM


Resolution


Issue

When attempting to create a template that references configurations from Device Group, such as Address Objects, Address Group, Services, etc, Template push from Panorama to device fails.

 

Cause

This happens because the newly referenced items have not been commited to the firewall yet, and because those items have not been pushed to the firewall, the error will be displayed.

 

For example:

If an object is created in the Device Group: (Panorama > Objects > Addresses)

KB-Devce_Group-01.jpg

 

 And referenced in the template configuration(Panorama > Network > Interfaces)

KB-Template-01.jpg

 

The template push commit fails since the Device Group configurations are not yet pushed to the device

KB-Template-03.jpg

 

"Validate Changes" also shows that the template push fails with the same error messages

KB-Template-02.jpg

 

Resolution

Commit from Device Group, with the Include Network and Device Template option enabled to allow the template push to succeed along with the Device Group references.

 

To ensure that commit of template configurations work when referencing Device Group object, the commit must be done from the Device Group tab, with “Include Device and Network Templates” option enabled.

KB-Devce_Group-02-v1.jpg

 

Commit succeeds now that both Device Group and Template configurations are committed together

KB-Devce_Group-03.jpg

 

Checking on the firewall shows the object is committed and referenced correctly: (Firewall WebGUI > Network > Interfaces)

FW-IP-Objct-mod.jpg

 

 

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClpwCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language