cancel
Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

Panorama Ok-Validation error when push to FW from newly created objects

L4 Transporter

I can import config to expedition, rule enrich, and import the rules/objects into Expedition project normally that works great.  I then will use export/api manager to push config to panorama.  When I push - I only push Atomic- for security rules and objects- since those are the only items that have changed with the entire config. I make sure to follow the ordering on the left hand side, and push the objects first, and then the security rules.   I can successfully push through API manager GUI in expedition to Panorama successfully.  Commit on panorama works normally.  When I go to push to the FW from Panorama, the commit fails:

"Validation Error:

vsys 1 >rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is not an allowed keyword

 

vsys->vsys1->rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is an invalid ipv4/v6 address

 

Error: Failed ot find address 'NEWLYMADEADDRESSHERE'

Error:Unknown address 'NEWLYMADEADDRESSHERE'

Error:Failed to parse secrutiy policy

Commit failed

 

It's almost like it's not finding the newly created objects on the FW.  The weird thing is that I can go and rename the object, commit on panorama and repush to the FW, and then the object on the Local FW is recognized, and the error goes away, and it moves on to the next newly created object that was made through expedition. 

 

I can export the xml config- and import it to panorama, and then mode merge it for objects and security rules, and everything works normally, no commit errors with this at all.   

 

I'm sure I'm missing something here, or commiting wrongly, but I don't know what it is.  Does anyone have suggestions/fixes/encountered issues with this before?  

Who Me Too'd this topic