05-15-2024 08:24 PM
Recently we upgraded the Panorama to 11-1-2-h3, and found that those firewalls which are under PAN-OS version 11.1.2-h3 would get the validation error "OOXML is not a valid reference". We have confirmed that the content version and antivirus version of the Panorama and the firewalls had been upgraded to the latest version. It seems that there is a new model called "OOXML" in the WildFire Inline ML section of the antivirus profile; we tried to disable it and push again, but it still didn't work.
Has anybody faced this kind of problem before?
05-16-2024 01:49 AM
Hi,
I randomly read posts on this site and I clicked on your post. It appears that you’re encountering a validation error related to the “OOXML” model when pushing configuration from Panorama to firewalls. Here are some steps to consider that you can follow:
If the problem persists, you can consider reaching out to support for further assistance. I hope my suggestion will be helpful for you to solve this issue. If you have any questions related to this then you can ask me. I will be glad to help you!
05-16-2024 02:22 AM
Hi,
Thanks, I've checked the Application & Threat version on both of them, so I think I'll open a ticket for this.
05-24-2024 02:54 AM
Hi
we have the same issue.
Our ASC told us the following:
In version 11.1.3 OOXML support for WildFire Inline ML was added (the docs say 11.1.3, but I could also find it in other 11.1.x versions, so I suspect a typo on Palo's part). https://docs.paloaltonetworks.com/wildfire/u-v/wildfire-whats-new/wildfire-features-in-panos-1113/oo...
Since the Panorama cannot push a feature to the firewalls that is not yet available there, you would either have to upgrade the firewalls once and adapt them to the Panorama or downgrade the Panorama, whichever suits you better.
You should then be able to commit/push again.
But an upgrade or downgrade is not an option at this moment, so a ticket is opened at PAN Support now.
05-27-2024 04:06 AM
What worked for us was to delete the line in the CLI referencing the OOXML files. Then the pushes to other, older versions of PanOS work. The OOXML issue only appears if you try to edit the security profile and then make a push
06-04-2024 02:10 AM
Yes, confirmed, you can use the command
delete shared /or DG name/ profiles virus <name Antivirus profile > mlav-engine-filebased-enabled OOXML
08-09-2024 03:14 PM
Logged in to say thank you for this.
It took me a minute to decipher this, if anyone else needs it spelled out even more.
I made an AV in a device group for a specific firewall.
delete device-group Example-Group profiles virus Example-AV mlav-engine-filebased-enabled OOXML
I then made an altered clone, saw it was going to need to hit multiple FWs, so I moved it up the stack and then got the error on a lot more FWs.
delete shared profiles virus Example-AV mlav-engine-filebased-enabled OOXML
It had also been a few hours since I read the above post and forgot the caveats the user put in the same line. I was getting concerned that this list was empty.
delete device-group Higher-In-The-Device-Group-Example-Group profiles virus Example-AV mlav-engine-filebased-enabled OOXML
I eventually realized my mistake though and found them in shared.
08-20-2024 06:51 PM
Boy I sure appreciate this level of detail. Thanks for posting this up. I was wondering how I was going to unf*ck this. Cheers.
11-19-2024 02:39 PM
Has anyone got a resolution from Palo Alto TAC, or is removing the antivirus profile the only option provided by Palo Alto?
11-19-2024 11:57 PM
This solution is not from Palo, this is a good workaround. The official solution from Palo is to upgrade all firewalls.
11-20-2024 12:15 AM
It was caused by PAN-249931 and was fixed in PAN-OS 11.1.2-H4. We upgraded to this version and resolved the issue.
11-20-2024 12:24 AM
We upgraded from 11.1.4-h1 to 11.1.5-h1 and we encountered this issue. OK, I am not sure you are aware of the vulnerability, but it's not fixed under 11.1.2-H4, so you have to upgrade PAN-OS.
CVE-2024-9474 PAN-OS: Privilege Escalation (PE) Vulnerability in the Web Management Interface
11-20-2024 06:09 AM
I haven't understood. Are you able to delete mlav-engine-filebased-enabled OOXML from your antivirus profiles? After deleting it, was the issue solved for you?
11-21-2024 10:20 AM
I have since upgraded all my firewalls to 11.1.2, so I don't have the issue any longer. When I did have the issue, I was able to delete OOXML from the profile. Then, any time I made a change, OOXML would come back. I would need to delete it again. It's a temporary fix really.
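Because the workaround in this thread has to be repeated whenever OOXML reappears, and the entry can sit in shared or in any device group, here is an added example (not from any poster or from Palo Alto Networks) that reads Panorama configuration in set format and emits the matching delete commands. The sample lines, the `Other-Model` name and the double-quoting of names that contain spaces are assumptions.

```python
import shlex

KEY = "mlav-engine-filebased-enabled"

# Constructed sample of Panorama configuration in "set" format (not real output).
SAMPLE_SET_CONFIG = """\
set shared profiles virus Example-AV mlav-engine-filebased-enabled OOXML mlav-policy-action enable
set shared profiles virus Example-AV mlav-engine-filebased-enabled Other-Model mlav-policy-action enable
set device-group Example-Group profiles virus Example-AV mlav-engine-filebased-enabled OOXML mlav-policy-action enable
set device-group "Branch Offices" profiles virus "Branch AV" mlav-engine-filebased-enabled OOXML mlav-policy-action disable
set device-group Example-Group profiles virus Other-AV description OOXML
"""

def _quote(token):
    # Assumption: names containing spaces are wrapped in double quotes on the CLI.
    return f'"{token}"' if " " in token else token

def ooxml_delete_commands(set_config, model="OOXML"):
    """Return one delete command per antivirus profile that references `model`."""
    commands = []
    for line in set_config.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:
            continue  # unbalanced quotes: skip rather than guess
        if tok[:2] == ["set", "shared"]:
            scope, rest = tok[1:2], tok[2:]
        elif tok[:2] == ["set", "device-group"] and len(tok) > 2:
            scope, rest = tok[1:3], tok[3:]
        else:
            continue
        # rest must read: profiles virus <profile> mlav-engine-filebased-enabled <model>
        if (len(rest) >= 5 and rest[:2] == ["profiles", "virus"]
                and rest[3] == KEY and rest[4] == model):
            cmd = " ".join(["delete"] + [_quote(t) for t in scope + rest[:5]])
            if cmd not in commands:  # several set lines can describe one entry
                commands.append(cmd)
    return commands

if __name__ == "__main__":
    for command in ooxml_delete_commands(SAMPLE_SET_CONFIG):
        print(command)
```

The output is only a list of candidate commands to review before running them in configure mode on Panorama; a profile whose description merely contains the word OOXML is not matched.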