05-28-2025 06:05 PM
Hi, can anyone help me? I keep receiving this error even after I removed or changed the IP on the VLAN interface.
I also tried pushing VLAN interface 10 (without an IP) first along with the subinterface. It was successful, but when I try to deploy the IP change, the error still occurs.
I am deploying from Panorama.
In router default: address 192.168.1.1/24 on interface vlan has overlapping subnet with address 192.168.1.1/24 on interface vlan.10.(Module: routed)
05-28-2025 06:34 PM
Hi @J.Santos708860 ,
As I understand you are getting error while making the changes from Panorama for VLAN interface IP. May I check what error are you getting.
05-29-2025 05:04 AM
This is what I can see in the command > show jobs id #
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2025/05/29 06:53:15 06:53:15 4630 CommitAll FIN FAIL 06:56:00
Warnings:
Duplicate certificate subject found:
/CN=vpn.domain.com
/C=US/CN=Forward-Trust-CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/CN=Forward-Untrust-CA
/C=US/CN=Forward-Trust-CA
/CN=vpn.domain.com
CN = vpn.domain.com
/CN=vpn.domain.com
Aggregate-ethernet interface ae1 has no member interfaces.
Aggregate-ethernet interface ae2 has no member interfaces.
Certificate central_2023_vpn.domain.com in shared expired on Jun 13 23:59:59 2024 GMT
Certificate Sophos in shared expired on Jun 29 00:00:00 2023 GMT
Certificate crt.GoogleIDPMetadata2024-1.shared in shared expired on Sep 23 19:21:06 2024 GMT
Certificate 3050_2023_vpn.domain.com in shared expired on Jun 13 23:59:59 2024 GMT
Certificate vpn.domain.com2022 in shared expired on Apr 26 23:59:59 2023 GMT
External Dynamic List MK EDL anti-phishing Error 401 is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
External Dynamic List MK EDL TOR Nodes Error 401 is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
External Dynamic List MK EDL Anti Phishing Domains Error 401 is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
External Dynamic List MK EDL Anti-Phishing URLs Error 401 is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
External Dynamic List MK EDL LightboardSeriesYoutubeVideos is configured with no certificate profile. Please select a certificate profile for performing server certificate validation.
EDL(vsys1/MK EDL Minemeld inboundfeedhc http ip) Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh.
EDL(vsys1/MK EDL block advertising Pi-hole is using it ip) Downloaded file is not a text file. Using old copy for refresh.
EDL(vsys1/MK EDL LightboardSeriesYoutubeVideos url) Unable to fetch external dynamic list. Couldn't connect to server. Using old copy for refresh.
Details:In router default: address 192.168.1.1/24 on interface vlan has overlapping subnet with address 192.168.1.1/24 on interface vlan.10.(Module: routed)
client routed phase 1 failure
Commit failed
Local configuration size: 18 KB
Predefined configuration size: 19 MB
Merged configuration size(local, panorama pushed, predefined): 25 MB
Maximum recommended merged configuration size: 23 MB (108% configured)
05-29-2025 05:24 AM
You have same IP/subnet configured in 2 places:
Details:In router default: address 192.168.1.1/24 on interface vlan has overlapping subnet with address 192.168.1.1/24 on interface vlan.10.(Module: routed)
05-29-2025 05:30 AM
Hi, my goal is to move the IP address 192.168.1.1 from the VLAN interface to VLAN 10.
In Panorama, I have already removed the assigned IP address from the VLAN interface and assigned it to the VLAN 10 interface. The virtual router and security zone are both set to None as well.
05-29-2025 06:26 AM
Is 192.168.1.1 production IP that Palo uses to connect to Panorama?
If not then temporarily remove it from old location in Panorama, commit, add to new location and commit.
If it is used to communicate with Panorama then you could force commit template values from Panorama but without knowing your setup I can't vouch for that approach because it will wipe all local overrides in the firewall.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
