Pushing template from Panorama resulting in error

Reply
Highlighted
L0 Member

Pushing template from Panorama resulting in error

Imported Palo Alto configuration to Panorama

Modified BGP configuration..to be precise added "deny" rules under bgp>import>

committed changes to Panorama

Pushed the modified templates to the same device from where I imported the config.

 

Commit is failing with below errors:

  • Details:
  • . Validation Error:
  • . import -> network -> interface 'sdwan' is not a valid reference
  • . import -> network -> interface is invalid
  • . import -> network is invalid
  • . import is invalid
  • . vsys is invalid
  • . devices is invalid
  • . Configuration is invalid

request to kindly help me resolve the error.

 

Highlighted
L7 Applicator

how big is the difference of PAN-OS between panorama and the device?

it appears panorama is tryting to push an sdwan interface and the firewall isn't having it

Tom Piens - PANgurus.com
Find my book at amazon.com/dp/1789956374
Highlighted
L0 Member

Panorama is on 9.1.1 and Palo Alto VM is 9.0.6

Is it because of Panorama SDWAN introduced in 9.1.1 that Im not able to push the config?

Highlighted
L7 Applicator

Panorama should normalize configuration to lower version devices

Is the firewall showing up with the right panos in managed devices? Could be an issue with panorama 9.1.1, could give .3 a shot (or get in touch with support)

 

Tom Piens - PANgurus.com
Find my book at amazon.com/dp/1789956374
Highlighted
L0 Member

I was getting the same error after adding a new device in Panorama. Panorama is running 9.1.2 and local device is 9.0.8.   Issue started after Exporting the config bundle from Panorama to the local device.  It looks like it is trying to push the "sdwan" interface which isn't available in 9.0.   I was able to get around it by deleting the "sdwan" interface.  I could not find a way in the GUI but was able to delete from the CLI using the following commands.  After deleting on both and committing in Panorama I was able to push to the device from Panorama with no errors.

 

On Panorama:
configure
edit template "template name"
edit config vsys vsys1 import network
delete interface sdwan

 

On Local Device:
configure
edit import network
delete interface sdwan

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!