Problems with configuring Palo Alto PA-500 Firewall


L3 Networker

Hi Guys,

I can connect via serial and console port from CLI to Firewall. But when I am trying to set an IP for the management interface, I'm getting the following error:

Server error : system -> authentication-profile 'LDAP Authentication Profile' is not a valid reference

Can anybody help me?


Thanks

Tigran

Accepted Solutions

L5 Sessionator

Hello ,

Please try the following commands in configure mode to delete the authentication profile and assign an IP address to the management interface.

> configure

# delete deviceconfig system authentication-profile

# set deviceconfig system ip-address <ip-address> default-gateway <gateway-address> netmask <net-mask>

# commit

Regards,

Hari Yadavalli

L7 Applicator

It sounds like you had this firewall managed from Panorama and commit is failing.

When there's an invalid reference, you usually have objects in the candidate config pointing to other objects that are supposed to be created from Panorama. If the referred-to object is created locally, or if it didn't exist, you may get the "is not a valid reference" error.

What you can do is locate the object that is referencing the Panorama object and delete it.

If Panorama had connectivity to the device, a commit to Template and Device Group should resolve the issue.

You can explore the candidate config with commands:

> set cli config-output-format set

> configure

# show

... to see lines including references to 'LDAP Authentication Profile'

You could issue the command:

# show | match "LDAP Auth"

Once the invalid references are cleared, you should be able to commit.

If you don't know how to delete them, please contact Palo Alto Networks Support.
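The reference check described in the reply above can also be run offline against a saved copy of the candidate config in set format. This is an added example, not part of the original post and not Palo Alto Networks tooling; the sample lines are constructed, and the rule "a name followed by more tokens is a definition, a name at the end of the line is a reference" is an assumption about the set-format layout.

```python
import shlex

# Constructed sample of "show" output after "set cli config-output-format set".
# Not taken from the thread; Local-Auth and alice are hypothetical names.
SAMPLE_CONFIG = '''\
set deviceconfig system hostname PA-500
set deviceconfig system authentication-profile "LDAP Authentication Profile"
set mgt-config users alice authentication-profile Local-Auth
set shared authentication-profile Local-Auth method local-database
set shared authentication-profile Local-Auth allow-list all
'''

KEYWORD = "authentication-profile"


def find_dangling_auth_profiles(config_text):
    """Return (line_no, profile_name, referencing_path) for every reference
    to an authentication profile that is never defined in config_text."""
    defined = set()
    references = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        try:
            tokens = shlex.split(line)  # keeps "quoted names" as one token
        except ValueError:
            continue  # unbalanced quotes: not a usable set line
        if not tokens or tokens[0] != "set" or KEYWORD not in tokens:
            continue
        idx = tokens.index(KEYWORD)
        if idx + 1 >= len(tokens):
            continue  # keyword with no profile name after it
        name = tokens[idx + 1]
        if idx + 2 < len(tokens):
            # Assumption: settings follow the name, so this line defines it.
            defined.add(name)
        else:
            # Assumption: name is the last token, so this line references it.
            references.append((line_no, name, " ".join(tokens[1:idx])))
    return [ref for ref in references if ref[1] not in defined]


if __name__ == "__main__":
    for line_no, name, path in find_dangling_auth_profiles(SAMPLE_CONFIG):
        print(f"line {line_no}: '{path}' references undefined profile '{name}'")
```

A profile pushed from Panorama will also show up as undefined in a purely local export, so a hit means "find out where this profile should come from", not automatically "delete it".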

L6 Presenter

Just export the config

Delete "LDAP Authentication Profile"

import the config and try to commit again.

L7 Applicator

The advice above will eliminate the commit error.

But the first task is to find out WHY LDAP was configured in the first place and make sure removing this configuration is the correct solution.  If LDAP is supposed to be used then there are configuration mistakes made that have introduced this error and they should be investigated and repaired.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L3 Networker

Thanks, it helps!
