Query regarding upgrade consideration in Panos 10.0 for "Address Groups and Service Groups"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Query regarding upgrade consideration in Panos 10.0 for "Address Groups and Service Groups"

L3 Networker
On upgrade to PAN-OS 10.0, the Panorama management server checks for duplicate addresses in address groups (
Objects > Address Groups) and services in service groups (Objects > Service Groups), and fails to commit any configuration changes if duplicate address objects and services exist.
Workaround:
 Before you upgrade to PAN-OS 10.0, modify your address group and service group configurations and rename any duplicate address objects or services.
Please find below link for reference :
 
Usually in any software versions Panorama or Firewall doesn't allow same name address objects and service object in address group and service group respectively. Then why above consideration mentioned in upgrade/downgrade consideration document for Panos 10.0 ? 
 
2 REPLIES 2

Cyber Elite
Cyber Elite

@Deepak_K,

The considerations part of the document I've found to include some really weird "considerations" for things that shouldn't ever be an issue, and I think this is just another example of that. You're absolutely correct that this would already cause validation failures and really shouldn't need to be part of any considerations prior to upgrading to PAN-OS 10, as the commit validation process would already have been failing. 

@BPry  we have faced commit error in panorama after upgrading it to 10.0.5 for duplicate address object and service object in address group and service group respectively.

Config commited successfully in firewall, but while pushing to devices got below error:

1st error  for duplicate address objects in address group. There was two address object of same name , one created in shared and another in device group. And both were added in same device group. 

Removed one address from that group to resolve the issue.

 

2nd error was for duplicate service object which was same like first.

 

Luckily we had only two duplicate objects , hence got only two errors.

  • 2516 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!