This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

large API call fails: Invalid target object in edit handler

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

large API call fails: Invalid target object in edit handler

Go to solution
philipp_kreidl
L2 Linker

‎08-04-2020 09:10 AM

When trying to send an rather large API call (atomic) to Panorama I receive this error message <Fail: Invalid target object in edit handler>

error.png

 

 

 

 

What I found out so far:

  • API calls work correct if the "payload" (element content) is below a specific size, but there are also 2 different error situations
    • where the error message above is shown
    • where no error message is shown but a 500 internal server error is logged in the chrome console.
  • Happens for multiple types, tested and confirmed with: Security Rules & Address objects
  • Content of the API call is not the problem, I can split it manually and send it from Expedition in 2 runs by hand (same content but split into 2 api calls)
  • A single character makes the difference if it works or fails

Please see this picture for the size of the API call payload which causes problems:

sizes.png

Should the picture not work:

Lower equal 101162 bytes > works
Between 101163 and 101210 bytes > Does not work but no error message is shown. Chrome console throws 500 error
Above 101211 bytes > Expedition error message shown

 

 

I'm not sure if the problem is caused by expedition or by Panorama itself. I wasn't able to recreate the same API call expedition is doing with linux.
Expedition 1.1.73.1
Panorama 9.0.9

 

I've edited large security rulesets in the past and it worked, not sure since when this is broken.

Thanks for your help

8 people had this problem.
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
GustafBerg
L0 Member
In response to GustafBerg

‎10-27-2020 05:08 AM - edited ‎10-27-2020 05:10 AM

Hello again,

 

I had a chat with Palo Alto and Expedition about this through our support case. Turns out it was not related to Panorama PanOS 9.x.

 

The expedition tool is using the POST to send the big amount of data, and in that case the limit should be 5MB, which is far from the limit you were seeing.

 

It seems to have been an issue in the PHP code handling a very large body.

 

Update to Expedition (1.1.83.2) fixed all our issues using the built in API Output Manager.

View solution in original post

1 person found this solution to be helpful.
0 Likes Likes
6 REPLIES 6

Go to solution
philipp_kreidl
L2 Linker

‎08-04-2020 09:14 AM

I got the values wrong,

101166 Works

101167 Fails, no error, chrome error

101215 Fails, with error, no chrome error

0 Likes Likes

Go to solution
dgildelaig
L5 Sessionator
In response to philipp_kreidl

‎08-04-2020 09:22 AM

We are looking into it, as making the payload smaller works.

You may want to open a case with Panorama as well so they can check if this is a limitation on there while we look into Expedition end.

Go to solution
philipp_kreidl
L2 Linker
In response to dgildelaig

‎08-12-2020 09:04 AM

Quick update from my end: Upgraded Panorama from 9.0.9 to 9.1.4, issue is the same - no difference.

0 Likes Likes

Go to solution
GustafBerg
L0 Member

‎09-24-2020 01:59 AM - edited ‎09-24-2020 02:15 AM

Hey!

 

We also have this issue, so I raised a support ticket with Palo Alto and this is their response.


This behavior is a known issue with Panorama 9.x
Engineering is aware of the issue. From reading the notes, it looks like there is no setting or anything to implement as a workaround.
It appears to be strictly about the size of the call as you discovered. In testing, only making the API call shorter allowed it to work.
Currently, there is no ETA on a resolution.

 

I'll let you know if we get any more information about this from Palo Alto.

Expedition on 1.1.81.

Go to solution
GustafBerg
L0 Member
In response to GustafBerg

‎10-27-2020 05:08 AM - edited ‎10-27-2020 05:10 AM

Hello again,

 

I had a chat with Palo Alto and Expedition about this through our support case. Turns out it was not related to Panorama PanOS 9.x.

 

The expedition tool is using the POST to send the big amount of data, and in that case the limit should be 5MB, which is far from the limit you were seeing.

 

It seems to have been an issue in the PHP code handling a very large body.

 

Update to Expedition (1.1.83.2) fixed all our issues using the built in API Output Manager.

1 person found this solution to be helpful.
0 Likes Likes

Go to solution
philipp_kreidl
L2 Linker
In response to GustafBerg

‎10-27-2020 05:50 AM

I can confirm that the API call for the security rules now works as expected.

 

But 1.1.83.2 introduced a different issue for me, I will create a new post for that issue.

 

Thanks @GustafBerg 

  • 1 accepted solution
  • 7935 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks