On Panorama, we have several logging profiles setup at shared/parent DG level. Two of the logging profiles reference server profiles that are defined in on some Device Templates (FW-A)...and not on others (FW-B). When we push configs down to FW-B, the commit fails. A) FW-B doesn't have the server profile defined in the Device Template (obviously) but B) the logging profile isn't used anywhere on FW-B.
Our Panorama is set to only push used objects to the FW. Since those logging profiles aren't used on FW-B, why is this logging profile causing a commit error out?
We either have to define the server profiles on FW-B, or remove the logging-profile from the Shared DG Level and move it down to the specific FW DG.
I forgot to ask, are there any other ways of dealing with this other than my two mentioned methods?
An Object that is not being used should not be pushed...but for some reason logging-profiles always seem to be pushed regardless if they are used or not. I want to say this is a bug....but maybe there is something different/special about logging profiles that Panorama is required to push to FWs even though they are not being used on that FW.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!