No zone configuration" if an IPv4 Interface/sub-interface is Configured with a Zone/Partial Commit"

No zone configuration" if an IPv4 Interface/sub-interface is Configured with a Zone/Partial Commit"

0
Created On 09/26/18 13:53 PM - Last Modified 07/19/22 23:11 PM


Resolution


Overview

On PAN-OS, when an IPv4 is configured on an interface, together with a zone and only a partial commit with the option "Include Device and Network configuration" is being done, on the first partial commit the Palo Alto Networks firewall will report the following warning "No zone configuration." If the zone is added one more time no warning will appear upon the second partial commit.

 

Cause

Even though multiple-vsys is not configured on the firewall, the zone is considered to be part of the vsys(1), which is committed when the commit is done with the option "Include Device and Network Configuration."

 

Solution

Once the first commit is completed, the zone will be part of the vsys(1) and can then be assigned to an interface, which by default belongs to vsys(1). This warning will not appear if the user performs a full commit.

 

owner: aciobanu
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxUCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail