Failed commiting config from Panorama

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
L4 Transporter

Failed commiting config from Panorama

Hi,

 

We have a Panorama with several FWs managed. We commited the config but in one of these FWs was failed.

Looking in panorama we see that this device is out of sync (in templates and shred policy). how can i force this commit?? or to have any reason for this fail??.  I dont see any error or how to investigate....


Accepted Solutions
Highlighted
Community Team Member

Hi @soporteseguridad,

 

In that case you might be hitting this :

 

From the PAN-OS 8.0.6 release notes : 

PAN-81100 - Fixed an issue on the firewall and Panorama management server where a memory leak caused several operations to fail, such as commits, FQDN refreshes, and content updates

 

Eitherway, based on the logs it looks like a memory issue so you might want to check the memory usage on the device and look for a process that might be the culprit ... a restart of that process might be a workaround for you in the meantime.

 

To check resource usage you can use the following command :

 

> show system resources follow

 

Cheers !

-Kiwi,

View solution in original post


All Replies
Highlighted
L2 Linker

Why did the commit fail - what does the exact reason for commit failure read?

 

Ajaz Nawaz

JNCIE-SEC No.254

CCIE-RS No.15721

Highlighted
L4 Transporter

I will try to check again. But in commit error in Panorama we didnt see any cause

Highlighted
L4 Transporter

CapturaPA.JPGç

CapturaPA2.JPG

CapturaPA3.JPG

 

 

I tried to do commit in Panorama but it failed again. I attach the screeshots. I cant see any cause for this failed. Any idea? 

Highlighted
L7 Applicator

if you connect to one of the devices that the commit was sent to you can select "Tasks" on bottom RH corner of screen.

select the  commit and this will give you more detail.

 

task.png

Highlighted
L4 Transporter

We dont see any error:

 

Capturafailed1.JPGCapturafallo2.JPG

Highlighted
L7 Applicator

are you looking from panorama or the palo alto firewall.

my suggestion was to go to the firewall itself to review the warning.

Highlighted
Cyber Elite

@soporteseguridad,

I really won't rely on Panorama to give you the same information that the device would in this instance. I would take @MickBall's suggestion and actually look directly at the firewall, it should give you an indication on why the commit is failing. 

Highlighted
L4 Transporter

I see this in monitor logs.

 

CapturaPA111.JPG

 

The commit was done last night so i can see this commit in task in order to do "show jobs id". ANy log file where i can see the cause for this commit error??

Highlighted
Cyber Elite

@soporteseguridad,

The 'show jobs id id' would give you all the warnings, details, and description associated with the commit. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!