Palo Alto upgrade to 8.0.7 broken?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Palo Alto upgrade to 8.0.7 broken?

L3 Networker

Hi,

 

PA-3020. Had a customer upgrading from 8.0.4 to 8.0.7 and, after upgrading, autocommit failed with the message: 

"Failed to find address US";  "Unknown address US"; "Failed to parse security policy", where US is a default region object used in the security policy. There are no customer objects created in the Objects -> Regions section.

Checking here first as maybe there's already known problem with this? I see there's a post from a guy in the reddit about such a result as well, so that shouldn't be limited to a single device only.

Upgrade to 8.0.6-h3 with the same config was successful.

12 REPLIES 12

We are still seeing this issue, so far we have been unable to get past this and upgrade to anything >= 8.0.7

 

PA220 - cli "fix" commands worked to get past geo object errors and device came up and works with the config unchanged, even upgraded from 8.0.7 to 8.0.8 no issues 

 

PA5050 (HA pair) - cli "fix" commands do not work (Dataplane not ready message every time), commit do not work (auto commit just keeps trying and failing over and over again and everything else queues behind it), deleting the policy from cli and doing a commit works but then we are unable to re-add the policy with the geo objects because it fails to commit with the same error in OP

 

 

 

 

L0 Member

@hshawn Thanks!

 

This solved the country code errors while upgrading to PANOS 8.0.8

==============================================
from operational mode: <debug device-server reset id-manager type vsys-region>
from config mode <commit force>
==============================================

@jeames

 

good! I'm glad you got past that error 🙂

 

For anyone wondering about us here, since these did not work on our 5050 HA pair devices I was able to do the following:

 

1. delete the security policies using the regional objects

2. upgrade

3. re-create policies

 

Please note step 1 has to be done before step 2. doing the upgrade and *then* deleting the policy will results in an upgrade and the auto commit will work but re-adding the policies will fail with the same error as before.

 

thanks all!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!