Problems with configuring Palo Alto PA-500 Firewall

L3 Networker

Hi Guys,

I can connect via serial and console port from CLI to the firewall. But when I am trying to set the IP for the management interface, I'm getting the following error:

Server error : system -> authentication-profile 'LDAP Authentication Profile' is not a valid reference

Can anybody help me?


Thanks

Tigran


Accepted Solutions
L5 Sessionator

Hello,

Please try the following commands in configure mode to delete the authentication profile and assign an IP address to the management interface.

> configure

# delete deviceconfig system authentication-profile

# set deviceconfig system ip-address <ip-address> default-gateway <gateway-address> netmask <net-mask>

# commit

Regards,

Hari Yadavalli


All Replies
L7 Applicator

It sounds like you had this firewall managed from Panorama and commit is failing.

When there's an invalid reference, you usually have objects in the candidate config pointing to other objects that are supposed to be created from Panorama. If the referred-to object is created locally, or if it didn't exist, you may get the "is not a valid reference" error.

What you can do is locate the object that is referencing the Panorama object and delete it.

If Panorama had connectivity to the device, a commit to Template and Device Group should resolve the issue.

You can explore the candidate config with commands:

> set cli config-output-format set

> configure

# show

... to see lines including references to 'LDAP Authentication Profile', you could issue the command:

# show | match "LDAP Auth"

Once the invalid references are cleared, you should be able to commit.

If you don't know how to delete them, please contact Palo Alto Networks Support.
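
An offline version of the `show | match` check described above, as an added example that is not part of the original thread or Palo Alto Networks code: it scans set-format `show` output for authentication-profile references that have no local definition. The sample lines are constructed, and the definition paths (`set shared ...` and `set vsys <name> ...`) are assumptions about the set-format layout.

```python
import shlex

# Constructed sample of set-format `show` output; not taken from a real device.
SAMPLE = '''\
set deviceconfig system hostname PA-500
set deviceconfig system authentication-profile "LDAP Authentication Profile"
set shared authentication-profile local-auth method local-database
set shared authentication-profile local-auth allow-list all
set mgt-config users admin2 authentication-profile local-auth
'''

KEY = "authentication-profile"


def is_definition(tokens, i):
    """Assumption: profiles are defined under `shared` or `vsys <name>`."""
    scope = tokens[1:i]
    return scope == ["shared"] or (len(scope) == 2 and scope[0] == "vsys")


def dangling_auth_profiles(config_text):
    """Return (line number, referencing path, profile name) for every
    authentication-profile reference whose profile is not defined locally."""
    defined, refs = set(), []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        try:
            tokens = shlex.split(line)  # keeps quoted names with spaces intact
        except ValueError:
            continue  # unbalanced quotes: not a well-formed set line
        if len(tokens) < 2 or tokens[0] != "set" or KEY not in tokens:
            continue
        i = tokens.index(KEY)
        if i + 1 >= len(tokens):
            continue  # keyword with no profile name after it
        name = tokens[i + 1]
        if is_definition(tokens, i):
            defined.add(name)
        else:
            refs.append((lineno, " ".join(tokens[1:i]), name))
    # Definitions may appear after the reference, so filter only at the end.
    return [r for r in refs if r[2] not in defined]


if __name__ == "__main__":
    for lineno, path, name in dangling_auth_profiles(SAMPLE):
        print(f"line {lineno}: {path} -> '{name}' is not defined locally")
```

Each reported line is a candidate for the "is not a valid reference" commit error; whether to delete the reference or restore the profile (for example by a Panorama push) is the decision discussed in the replies.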

L6 Presenter

Just export the config

Delete "LDAP Authentication Profile"

import the config and try to commit again.

L7 Applicator

The advice above will eliminate the commit error.

But the first task is to find out WHY LDAP was configured in the first place and make sure removing this configuration is the correct solution.  If LDAP is supposed to be used then there are configuration mistakes made that have introduced this error and they should be investigated and repaired.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L3 Networker

Thanks, it helps!
