Unable to commit due to Validation Error against nested wildcard(*) in URLs after installing 8.0.8

Printer Friendly Page

Summary:

Starting with PANOS 8.0.8 a new URL filtering validation was added to the commit process to warn administrators about configuration containing nested wildcards (*) in URL filtering profiles as this could impact the overall performance of the dataplane.

 

For more detail, please check the release note for Issue ID PAN-86882 in PANOS 8.0.8 : PAN-OS 8.0.8 Addressed Issues

 

The validation is triggered by the cases listed below.

 

Case1: Commit operation done by "Commit" button of GUI or "commit force" or "commit" command of CLI.

 

Please note that the validation doesn't take place for auto-commit done by the system startup or Dynamic Updates.

For example, if Dynamic Updates job installs new Applications and Threats and then the PaloAlto Network Firewall performs auto-commit in order to reflect the installed Applications and Threats, the validation doesn’t take place.

 

Case2: Revert operation done by "Revert last saved configuration" or "Revert to running configuration" of GUI.

 

Case3: Load operation done by "Load named configuration snapshot" or "Load configuration version" of GUI / "load config" command.

 

Case4: Input nested wildcard(*) in Allow List / Block List field of "Overrides" tab of URL Filtering Profile.

 

Case5Input nested wildcard(*) in Sites field of "Custom URL Category".

 

For example, when the validation takes place you will see the validation error message as the following screen shot 1,2 and 3 shows.

 

Operation Failed - URL filtering profile:

operation failed.pngScreenshot1

 

You will see the message shown at Screenshot1 when the validation take places after you input nested wildcard(*) in Allow List / Block List field of "Overrides" tab of URL Filtering Profile (Case 4) and then push "OK" button.

 

Commit Failed:

Capture2.JPGScreenshot2

 

You will see the message shown at Screenshot2 when the validation take places after Commit operation is processed by "Commit" button of GUI (Case1).

 

Operation Failed - Custom URL filtering profile:

operation failed #3.pngScreenshot3

  

You will see the message shown at Screenshot3 when the validation take places after you input nested wildcard(*) in "Sites" field of "Custom URL Category" and then push "OK" button. (Case5).

 

If you see these messages during your daily operation after upgrading your PANOS to PANOS 8.0.8, please review our guide and then refine your URL pattern with nested wildcards.