Unable to Revert the Interface Config to Panorama Pushed Config
36296
Created On 03/29/19 03:32 AM - Last Modified 04/03/19 15:37 PM
Symptom
- Firewall is managed by Panorama.
- Interface configuration is pushed from Panorama to firewall and locally overridden on the firewall.
- When selecting the interface in question and clicking Revert, it fails with the errors below:
member cannot be deleted because of references from: network -> virtual-router -> default -> routing-table -> ip -> static-route -> Palo_Route -> interface
Snapshot 1: Interface in questions is ethernet1/6.
Snapshot 2: Showing error when try to revert:
Environment
PAN-OS
Firewall managed by Panorama
Cause
- This happens when the Panorama pushed virtual router configuration is locally overridden on the firewall with any new configuration (on the virtual router), referencing the interface in question.
- The above screenshots showing revert error was due to ethernet1/6 interface being referenced in the static route (which was created locally on the firewall after overriding the virtual router)
Resolution
Solution 1:
Delete the static route (reference the interface in question) by editing the virtual router configuration.
Solution 2:
Revert the virtual router config by navigating to Network > Virtual Routers. Reverting the virtual router will delete all the local configuration that was done after overriding the virtual router.