Commit error profile compiler can not find tid 40006 in threat database

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Commit error profile compiler can not find tid 40006 in threat database

L1 Bithead

Hi,

 

We are having issues with commit in the FWs from last Wednesday. The error that we receive is: "Error: Profile compiler : can not find tid 40006 in threat database". The commit finishes correctly, but with the warning of the error.

Commit error.png

We have revert the content update of the apps and threats to a previous one and the commit finishes correctly. With the latest content updates we are having issues too.

Updates.png

¿Any idea why are we receiving the error? We have checked that the threat ID 40006 exists.

 

Regards.

9 REPLIES 9

Cyber Elite
Cyber Elite

Hello,

Try to install a newer version or revert to the previous one and try upgrading again. If this doesnt work, perhaps a call to tech support.

 

Regards,

L7 Applicator

You might have an exception for Threat ID 40006 in one or more of your security profiles. A simple way to check your whole config for that can be done in CLI:

> show config running

hit / (forward slash) to begin searching, and enter: 

40006

You'll have to scroll up (using the "J" key, may also work with arrow keys) to the top of that entry to find the profile name, and there may be multiple profiles that have it.

L0 Member

Warning message comes from firewall because Threat ID 40006 was disabled starting from Application version 8165 and later.

 

Please find below release note.

https://downloads.paloaltonetworks.com/content/content-8165-5521.html?__gda__=1562631311_252c3916cad...

I did what you suggested from the CLI and found the 40006 threat exception.  The WebUI did not show it in the exceptions list for me to delete from there.  I went back to the CLI, and fumbled my way through it using the following...

 

This is used to get the output in "set" format.  (This helps those of us who are not overly familiar with PAN-OS CLI.)

> set cli config-output-format set

Enter Config mode.

> configure

Show configuration and search for Threat ID 40006.

# show
/40006

or

# show | match 40006

Use the above output results to create a "delete" command.

# delete profiles vulnerability "vuln-profile-name" threat-exception 40006

Commit changes.

# commit

Problem solved.

L1 Bithead

Hi,

 

We opened a tech support case, and they confirm that the treat id was disabled. Actually we have received a update that they are going to include the threat id next week.

Thank you everyone for the help!!

New Threat update is out 8171-5557 and it does not include threat ID 40006.

Hi,

 

Yes, we are still waiting for the update.

 

Regards.

We have also opened escalation case with TAC. Will let you know if something fruitful comes out.

Hi,

 

Actually with the latest content update, it has been included.

 

Regards.

  • 18714 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!