Overview
This document describes how to validate a candidate configuration from the Command Line Interface (CLI).
Details pre PAN-OS 7.0
The following CLI command can be used to validate a candidate configuration before committing:
> configure
Entering configuration mode
[edit]
# commit validate
For a valid candidate configuration, the following would be the output:
# commit validate
.......10%.....20%.....30%.....40%.....50%.....60%.....70%.....80%.....90%.....100%
Configuration is valid
[edit]
For an invalid configuration, the following would be the output:
> configure
# commit validate
....
Validation Error:
network -> interface -> ethernet -> ethernet1/11 'ethernet1/11' is not a valid reference
network -> interface -> ethernet is invalid
[edit]
#
From PAN-OS 7.0 and later
the validate command has been split off from the commit operation and can now be executed by itself.
both a full and a partial validation can be performed, a partial validation wil ltake less time to complete:
admin@myNGFW# validate
> full full
> partial partial
admin@myNGFW# validate partial
+ device-and-network device-and-network
+ shared-object shared-object
> no-vsys no-vsys
> vsys vsys
<Enter> Finish input
admin@myNGFW# validate full
Validate job enqueued with jobid 1422
1422
[edit]
admin@myNGFW(active)> show jobs id 1422
Enqueued Dequeued ID Type Status Result Completed
------------------------------------------------------------------------------------------------------------------------------
2017/06/21 23:05:14 23:05:14 1422 Validate FIN OK 23:05:41
Warnings:Interface tunnel has no zone configuration.
Interface tunnel has no virtual-router configuration.
Details:Configuration is valid
owner: kadak