This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Not able to push and commit from the panorama.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Not able to push and commit from the panorama.

Jafar_Hussain
L4 Transporter

‎12-15-2020 10:41 PM

Dears,

I have added my firewalls in a panorama. but sometimes i am getting the below commit error:-

 

Jafar_Hussain_0-1608100763099.png

 

VPN-SSL is not a newly created object. it was there since i added the firewall in the panorama. And the issue occurs intermittently.

Panorama version - 9.1.2

Firewall version- 9.0.8

 

your suggestions appreciated.

0 Likes Likes
7 REPLIES 7

S.Cantwell
Cyber Elite
Cyber Elite

‎12-16-2020 05:54 AM

Manually add the VPN-SSL object directly onto the FW and commit on the FW.

Now the object is there.

 

Push from Panorama and I believe this would resolve your issue (or maybe create a new issue.  :P)

 

Please advise.

Help the community: Like helpful comments and mark solutions
0 Likes Likes

Jafar_Hussain
L4 Transporter
In response to S.Cantwell

‎12-16-2020 06:06 AM

@S.Cantwell 

The object VPN-SSL already in firewall. before 3 months we import all the configurations. we didn't create any new object in the panorama.

this issue occurs intermittently in the panorama showing multiple objects and services while committing. below is one more example:-

 

 

Jafar_Hussain_0-1608127581335.png

 

 

0 Likes Likes

S.Cantwell
Cyber Elite
Cyber Elite
In response to Jafar_Hussain

‎12-16-2020 07:02 AM

The messages seem to be when you are pushing from panorama TO a FW, vs just committing locally to only the Panorama.

The error you get appears that the object is NOT located in some area.

So, do you need to create the service HTTPS object?

 

If you want to say the Panorama xml is corrupted, that would be fine by me.

You generally asking if we have seen this issue and how to resolve it.

 

How do you want to proceed?  Do you want to fool the Panorama and manually add objects that are not seen?

If the objects are seen on the Panorama, do you want to delete the object and then re-create it?

 

We are here to help you.  What response are you looking for.

 

Help the community: Like helpful comments and mark solutions
0 Likes Likes

BPry
Cyber Elite
Cyber Elite

‎12-16-2020 10:15 AM

@Jafar_Hussain,

Before you go out and chase a possible XML corruption issue or anything like that, simply update Panorama. 9.1.2 is incredibly early in 9.1's branch and multiple validation and config errors were addressed in 9.1.4. Install the current recommended release (9.1.6) and report back if that doesn't fix your issues. It should. 

0 Likes Likes

Jafar_Hussain
L4 Transporter
In response to BPry

‎12-16-2020 10:30 AM

@S.Cantwell 

Yes, this error occurs while pushing the configuration from panorama to the firewall.
yes, you are right, when i check the object the location is showing "local" not a "shared". example(Firewall-1).

 

@BPry 

This issue occurs intermittently because at the morning i tried to commit 2 times it failed and the 3rd time is succeded without any changes i believe i need to upgrade the panorama.

0 Likes Likes

Jafar_Hussain
L4 Transporter
In response to Jafar_Hussain

‎12-24-2020 05:15 AM

@BPry @S.Cantwell 

 

I have upgraded the panorama up to 9.1.6 yesterday. and today i was facing the same issue again. while i try to commit and push from panorama getting the below error:-

 

Jafar_Hussain_0-1608815563872.png

 

For the solution, i reconfigure the address object(VPN-SSL) and it is working fine. but i am suspecting this issue is occurring intermittently and not able to find the cause of this issue.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to Jafar_Hussain

‎12-24-2020 09:07 PM

@Jafar_Hussain,

I would open a TAC case if you see the same behavior again. It looks like the address object itself isn't known within the configuration for some reason. You could do a compare between the functional and non-functional XML files if you took a copy of the candidate config prior to fixing the issue, as there might be something that isn't being read correctly. 

Regardless, you would really need to dive into the logs to fix the issue. That's not something we can really do over the community, but is something that TAC can help you with. 

0 Likes Likes
  • 7326 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks