Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- 5G
- IoT Security
- Prisma SD-WAN
Network Security
- Prisma Access
- Prisma SaaS
- Prisma Cloud
- CN-Series
- VM-Series:
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
Security Operations
- Resources
- COVID-19 Response Center
About ksauer507
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About ksauer507
2 weeks ago
2Posts
0Likes
1Solution
Apr 29, 2021Last Visited
User
Activity
User
Profile
Latest posts by ksauer507
| Subject | Views | Posted |
|---|---|---|
| 157 | 3 weeks ago | |
| 180 | 3 weeks ago |
User Badges
Community Statistics
| Member Since | 4 weeks ago |
| Date Last Visited | 2 weeks ago |
| Posts | 2 |
3 weeks ago
I got my changes to commit. I had to go to the device > setup > operations area and export the configuration candidate. Then in notepad++ delete a blank <certificates/> line entry and also delete all the ddns-config that we don't use but I was forced to configure just to disable it to get past moving an ip off of vlan "vlan". Then I was able to save this xml and import and then a load and commit it.
... View more
3 weeks ago
Hi, I'm brand new to PA firewalls. Have a new pair of 3220's in active-passive HA. This is not in production. We are using them to learn on and eventually, hopefully later in the year move to production, replacing an active-passive Cisco ASA. I have two 10gbps fiber links to both our core switches in an mlag at the switch (so it looks like a redundant lag). Thats plenty of bandwidth so we want to trunk all our internal networks back here. The outside will come in from load balancers output to a switch where we can pick off a ethernet cable to each 3220 - in time of course. So I create an ae1 interface out of ethernet/19 and 20. Main interface is going to be "LAN", ae1.20 subinterface is tagged vlan 20 "DMZ", ae1.21 subinterface is tagged vlan 21 "DMZ2" for now at least. I incorrectly made this a layer2 interface and I need IP's on each of these and make it a layer 3 to do a little routing too. So I go to change it and every time I try to commit, it says commit failed. I found an online kb how to look up in the logs if the web ui does not indicate why it failed. Here is the last few lines of the log file... 2021-04-19 10:19:49.936 -0400 NTDB-vif_create_increment_script: 0 sec runtime error File write for /tmp/.tMZlAq refused runtime error xsltApplyStylesheet: forbidden to save to /tmp/.tMZlAq runtime error File write for /tmp/.Jkn2O0 refused runtime error xsltApplyStylesheet: forbidden to save to /tmp/.Jkn2O0 2021-04-19 10:19:50.753 -0400 kill SIGUSR1 to pid 0 2021-04-19 10:19:50.753 -0400 Sending phase_abort to DP 2021-04-19 10:19:50.754 -0400 Error: cfgagent_modify_callback(pan_cfgagent.c:94): Modify string (sw.mgmt.runtime.clients.device.err) error: USER (1) 2021-04-19 10:19:50.774 -0400 Phase_abort to DP done, Setting ctrl state to IDLE 2021-04-19 10:19:50.774 -0400 Config commit phase1 failed 2021-04-19 10:19:50.774 -0400 Deleted alt data in redis 2021-04-19 10:19:50.774 -0400 No need to sync base ids in cfg 2021-04-19 10:19:50.774 -0400 devsrvr only commit failed, phase_abort skipped , after SIGTERM, set config to idle 2021-04-19 10:19:51.015 -0400 Error: bool_modify_callback(pan_cfgagent.c:112): Modify boolean (sw.mgmt.runtime.clients.device.p1done) error USER (1) Does this shed any light on whats going on?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
2 weeks ago
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
