Palo Alto Networks Knowledgebase: Committing template configurations when referencing Device Group objects
Committing template configurations when referencing Device Group objects
Created On 02/07/19 23:45 PM - Last Updated 02/07/19 23:45 PM
Zone and DoS Protection
When attempting to create a template that references configurations from Device Group, such as Address Objects, Address Group, Services, etc, Template push from Panorama to device fails.
This happens because the newly referenced items have not been commited to the firewall yet, and because those items have not been pushed to the firewall, the error will be displayed.
If an object is created in the Device Group: (Panorama > Objects > Addresses)
And referenced in the template configuration(Panorama > Network > Interfaces)
The template push commit fails since the Device Group configurations are not yet pushed to the device
"Validate Changes" also shows that the template push fails with the same error messages
Commit from Device Group, with the Include Network and Device Template option enabled to allow the template push to succeed along with the Device Group references.
To ensure that commit of template configurations work when referencing Device Group object, the commit must be done from the Device Group tab, with “Include Device and Network Templates” option enabled.
Commit succeeds now that both Device Group and Template configurations are committed together
Checking on the firewall shows the object is committed and referenced correctly: (Firewall WebGUI > Network > Interfaces)