4.0.8 Object Name Change Not Updated In Policy

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

4.0.8 Object Name Change Not Updated In Policy

L3 Networker

I used to be able to make changes to objects (address/groups/application groups) ect. But now when I made the change I have to go through my policies and NATs and update them manually. Any ideas? Is there an update object option that I'm not aware of?

8 REPLIES 8

L4 Transporter

I think I might be confused by your question.  Are you saying that when you go to the Objects tab > Addresses (for example) and you modify an address object's name, it does not modify that in the security rule?  Don't have a box running 4.0.8 right now, but tested in 4.0.4 and 4.1.1 and objects do get renamed properly there.

Is it possible you're using Panorama and you're renaming shared objects and not localized objects or vice versa?

Yes exactly, its really annoying and I only started seeing it after we upgraded to 4.0.8. It doesn't change the object in the NAT, ACL, or Address Groups. You litereally have to go to each one and re-enter the correct name. Otherwise you get an error when trying to commit that says no refrence found for XX. I have about 150 objects that need to have their names changed with our new standard...

I think it would be best to call in to support on this issue and have them look at it.  If necessary, they can have engineering look at it as well.

L4 Transporter

Hello,

I can confirm this bug 4.0.8 (cluster of PA500).

Regards,

Hedi

Hi all,

same here since upgrading our PA2020 cluster to 4.0.8.

Is there an official statement / confirmation from PA on this issue?

Regards Stefan

I'm not at a place where I can test this now, but standard practice in situations such as these is to open a case with support to get this into the right hands as quickly as possible.  If you open it online, outline the steps to re-create the issue.  The support engineering team can either come up with a fix or a work-around, and if it's a bug then they can file it as such in our bug tracking system.  The development engineering team will then assign to the appropriate engineers teams for a fix. Opening a case allows you to follow this progress and communicate with the assigned support engineer.

So in that light, I'd recommend opening a case to get the right people on it ASAP.

L4 Transporter

Same issue here (4.0.8).  Modify any object in the "Objects" tab - and the corresponding policy does not get the change (commit fails with "device: failed to find address.....").  Process is to then go hunt down where the object is used - delete it and then re-add back to the policy. 

- mike

L3 Networker

Hello All,


This appears similar to a fix which has been included in PanoS v4.0.9 (released 01/23). Reference the list of addressed issues, #35919 which includes a detailed description.


Regards,


Bryan

  • 4861 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!