This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Pushing template from Panorama resulting in error

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Pushing template from Panorama resulting in error

tjeedigunta
L0 Member

‎07-20-2020 02:43 PM

Imported Palo Alto configuration to Panorama

Modified BGP configuration..to be precise added "deny" rules under bgp>import>

committed changes to Panorama

Pushed the modified templates to the same device from where I imported the config.

 

Commit is failing with below errors:

  • Details:
  • . Validation Error:
  • . import -> network -> interface 'sdwan' is not a valid reference
  • . import -> network -> interface is invalid
  • . import -> network is invalid
  • . import is invalid
  • . vsys is invalid
  • . devices is invalid
  • . Configuration is invalid

request to kindly help me resolve the error.

 

1 person had this problem.
0 Likes Likes
7 REPLIES 7

reaper
Cyber Elite
Cyber Elite

‎07-23-2020 04:23 AM

how big is the difference of PAN-OS between panorama and the device?

it appears panorama is tryting to push an sdwan interface and the firewall isn't having it

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

tjeedigunta
L0 Member
In response to reaper

‎07-23-2020 12:59 PM

Panorama is on 9.1.1 and Palo Alto VM is 9.0.6

Is it because of Panorama SDWAN introduced in 9.1.1 that Im not able to push the config?

0 Likes Likes

reaper
Cyber Elite
Cyber Elite
In response to tjeedigunta

‎07-23-2020 01:28 PM

Panorama should normalize configuration to lower version devices

Is the firewall showing up with the right panos in managed devices? Could be an issue with panorama 9.1.1, could give .3 a shot (or get in touch with support)

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
0 Likes Likes

RyanMa
L0 Member

‎08-19-2020 03:21 PM

I was getting the same error after adding a new device in Panorama. Panorama is running 9.1.2 and local device is 9.0.8.   Issue started after Exporting the config bundle from Panorama to the local device.  It looks like it is trying to push the "sdwan" interface which isn't available in 9.0.   I was able to get around it by deleting the "sdwan" interface.  I could not find a way in the GUI but was able to delete from the CLI using the following commands.  After deleting on both and committing in Panorama I was able to push to the device from Panorama with no errors.

 

On Panorama:
configure
edit template "template name"
edit config vsys vsys1 import network
delete interface sdwan

 

On Local Device:
configure
edit import network
delete interface sdwan

(1)

telco_muguerza
L0 Member
In response to RyanMa

‎09-28-2020 07:15 AM

Thanks. It works fine. Same issue with my FW on 8.1.15 to Panorama in 9.1

 

 

0 Likes Likes

orapp
L0 Member

‎05-13-2021 03:06 AM

Thanks Ryan,

 

On Panorama we did it and it solved the issue:
configure
edit template "template name"
edit config vsys vsys1 import network
delete interface sdwan

(1)

Him007
L0 Member

‎02-15-2024 09:44 AM

I had same problem, no need to downgrade the panorama or firewall code... On panorama go to Virtual Systems under the device tab, select vsys1 (whatever you have) remove sdwan from there & you are good to commit it.

0 Likes Likes
  • 9670 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks