06-07-2023 08:21 PM
We have upgraded our palo alto firewall from 9.2.x to 10.2.4 after degradation from Panroma getting error as " out of sync ". we tried to commit and push from Panorma but we were unable to commit getting the error " SSH invalid"
kindly help us to resove this issue
06-09-2023 02:32 AM
Hi @sujithGovindaraj ,
With some major upgrades there are changes in config syntax. During the upgrade firewall will automatically update the configuration to the new syntax - this is one of the main reasons why before it was important to follow the upgrade path and not skip majort version (to ensure proper config upgrade).
Unfortunately there are some rare cases where the automatic config upgrade is failing. What most probably is happening is that the current commited config contain syntax for the previous versions (probably from 10.0 or .1 as SSH ciphers were not available in 9.1).
I would suggest you the following:
1. Login to the problematic FW
2. Export running config to xml file
3. Open the XML with text editor and locate the relevant part of the config - the error gives you some directions <deviceconfig><system><ssh>
4. Delete the whole "section" <ssh></ssh>
5. Import the edited config back to the FW
6. Load the imported config - this will load the file as candidate config
7. Commit locally to the firewall
8. Confirm commit is successfull and try to push from Panorama
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
