Panorama Commit Fail With Error: Duplicate User Name

Issue

A security rule on Panorama contains a list of source users. When a Panorama commit is performed to push a configuration with this rule, the operation fails with "Duplicate user name". The following is an example of the error:

VSYS1

Error: Duplicate user name 'CORPORATE_NT\prasad.bathula'

Error: Failed to parse security policy

(Module: device)

Commit failed

Cause

The managed Palo Alto Networks firewall failed to process the rule, because the list of source users was edited from Panorama.

Resolution

To resolve the issue, remove the security rule pushed by Panorama on the managed firewall, edit the rule in Panorama, and then perform a Panorama commit again to push the updated configuration:

1. Disable the security policy on Panorama which, for this example, contains 'CORPORATE_NT\prasad.bathula' in its source user column
2. Push the configuration from Panorama onto the managed firewall. The commit on the firewall should succeed.
3. On the managed firewall itself, the same security rule should no longer exist.
4. Enable the security policy back on Panorama.
5. Commit locally on Panorama and then push the configuration onto the managed firewall.

owner: kadak