Happens alot depending on what you are modifying in the regions; generally throws a parsing issue. The default-regions entries are hidden and they can get weird when you start adding custom regions. Generally running 'debug device-server reset id-manager type vsys-region' will cause the issue to resolve itself.
've seen one instance where the region object was not created properly and a region was added directly into a security policy instead of through an object, which then caused an issue after the upgrade.
this was fixed by properly creating the region object and adding that to the security policy
When you bring up autocommit failures I almost always start looking at the regions, and to a lesser extent the security policies in general to verify everything carried over correctly. It's easier if you are looking directly at the XML file, easier yet if you generate a tech-support file and take a look at the mergesp.xml file that actually includes the default stuff you usually don't see if you just take a look at the running-config.xml
Easy, the running-config.xml isn't going to have anything but your custom regions. It doesn't actually display any of the built-in regions. Same on the GUI, you'll only have the custom regions shown under objects, not the defaults.
There really isn't a great easy way to see both the custom and the built-in on the same config file unless you dig through the Technical Support file and go into the mergesp.xml file. Everything that is built by you as a custom region will be where you would expect to see it in the running-config; however this file also includes everything that's been predefined by Palo Alto, including the regions.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!