So, it's looking like my shared address/group objects from the ASA are all corrupted now. I didn't scroll down the entire validation output but it's a very long list about
rulebase -> security -> rules -> Rule-01 -> source 'object-XYZ' is not an allowed keyword rulebase -> security -> rules -> Rule-01 -> source object-XYZ is an invalid ipv4/v6 address rulebase -> security -> rules -> Rule-01 -> source object-XYZ range separator('-') not found rulebase -> security -> rules -> Rule-01 -> source 'object-XYZ' is not a valid reference rulebase -> security -> rules -> Rule-01 -> source is invalid
When I check the address object in the Panorama CLI, it looks like this (GUI is similar):
set shared address object-XYZ ip-netmask 1.2.3.4/32
Similarly, for a group object and its members, it all looks fine.
In the case of a group object, there were two that I deleted and re-created identically and then they worked.
... View more