10-14-2022 08:05 AM
Hello all,
I have an issue with a couple of HA Palo Alto firewalls managed by Panorama.
I was doing some tests for LACP and I overrode the configuration of an aggregate interface enabling LACP. Then I disabled it again from the firewall GUI (not from Panorama - so I overrode my previous override, I think).
The problem is that now, when I try the revert button, I obtain the following error: "member cannot be deleted because of references from:
network -> virtual-router -> vr -> routing-table -> ip -> static-route -> default -> interface"
I tried the following KB but it did not help (I also did not modify the virtual router configuration at all): Unable to Revert the Interface Config to Panorama Pushed Config - Knowledge Base - Palo Alto Network...
However I noticed that the VR has also the override symbol near the name, even though I did not change it.
What can I do to remove the override and have Panorama push the templates again?
Firewalls are running PAN-OS 9.1.14-h4.
Many thanks!
10-15-2022 02:04 PM
You can use "Force Template Values" to replace the overrides.
Panorama Commit Operations (paloaltonetworks.com)
Check the warning text on the above page, as you need to be really sure before using this option.
- DM
10-17-2022 01:44 AM
Thanks for your response.
Is there a way to quickly check all the values that are currently overriden in the running configuration?
If I select the option "Force Template Values" from Panorama, shall I disable also "Merge with candidate configuration"?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
