failed to generate selective push

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

failed to generate selective push

L0 Member

Hello,

 

I'm struggling with the integration of new devices, after many tries, I finally removed the new devices, but 2 of the other firewall can't commit anymore :

when I try to push to devices, I've got the following error "Failed to generate selective push configuration. Last in-sync configuration for the device is from a different version, selective push is not supported. Please try a full push."

 

What is a full push  by the way?

 

In summary page the status is :

- both devices of the device group are connected

- shared policy is "out of sync Panorama pushed version :360"

- template is "out of sync Panorama pushed version :331"

 

I've tried from Setup> Operation, to "export or push device config bundle" on these specific devices using version 331".

the load is working fine, then I commit to Panorama, which is also fine.

But pushing to devices fails for template and device group.

 

What would be the next step to recover a valid configuration that won't disturb the service on the firewalls ?

 

43 REPLIES 43

L2 Linker

does it have a fixed release?

 

 

L0 Member

This is happening to us as well on Panorama running 10.2.5. I haven't tried the corrupted file fix another user posted. This 10.2.x PANOS train is very buggy.

L0 Member

I am experiencing same issue, failed to generate selective push even on Panorama running on version 10.2.6-h1.

Community Team Member

Hi there @marie-merlier @JackGibbons @pritamvathare ,

 

I would recommend opening up a support case for this issue. 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

I am still experiencing the same issue on version 10.2.7.

The issue reappeared few months after upgrading to 10.2.7.

L0 Member

Still experienced in Panorama version 10.2.5-h1.

L1 Bithead

Unfortunately we are in 11.1.1 PANOS version and has the same bug. 

"Error: Selective push is blocked since a load was performed, please perform a full push"

Perhaps, spoke too soon. looks to be normal now, after couple of full push its back to selective push now.

L0 Member

Just upgraded Panorama to 10.2.9-h1 and it started to require full push for all managed devices, I am not OK with this so I downgraded back to 10.1 series.

This link doesn't work for me, just end up at KB home?

L2 Linker

All those that are still hitting this.

 

1. Make sure you are not more than 100 versions off from your Pano Running and the FW configuration. If you are over 100 you will need to do a full push to be able to do selective pushes.

2. If you are still hitting the issue on a version 10.2 you may need to call TAC and have them clear the XML as I stated in an earlier post.

 

I am on 11.0 code at this point and have had no issues with selective pushes unless we are over 100 revs difference. Hope this helps anyone still having the issues.

Everything after 9.x is straight trash.

I agree.  Ever since moving to 10.x train, it has never worked right.   Our scheduled pushes don't work sometimes as well from the same type errors

L1 Bithead

@marie-merlier wrote:

Hello,

 

I'm struggling with the integration of new devices, after many tries, I finally removed the new devices, but 2 of the other firewall can't commit anymore :

when I try to push to devices, I've got the following error "Failed to generate selective push configuration. Last in-sync configuration for the device is from a different version, selective push is not supported. Please try a full push."

 

What is a full push  by the way?

 

In summary page the status is :

- both devices of the device group are connected

- shared policy is "out of sync Panorama pushed version :360"

- template is "out of sync Panorama pushed version :331"

 

I've tried from Setup> Operation, to "export or push device config bundle" on these specific devices using version 331".

the load is working fine, then I commit to Panorama, which is also fine.

But pushing to devices fails for template and device group.

 

What would be the next step to recover a valid configuration that won't disturb the service on the firewalls ?

 


I believe this is a push committing and pushing _ALL_ changes from all users, instead of just yourself. in my case, I had the problem, when I was pushing just my user account's worth of changes, but then I went ahead and pushed all users, and it worked. it took a couple of back and forths to get it to go through though.

  • 49282 Views
  • 43 replies
  • 3 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!