Unable to Revert the Interface Config to Panorama Pushed Config
Created On 03/29/19 03:32 AM - Last Modified 04/03/19 15:37 PM
- Firewall is managed by Panorama.
- Interface configuration is pushed from Panorama to firewall and locally overridden on the firewall.
- When selecting the interface in question and clicking Revert, it fails with the errors below:
member cannot be deleted because of references from: network -> virtual-router -> default -> routing-table -> ip -> static-route -> Palo_Route -> interface
Snapshot 1: Interface in questions is ethernet1/6.
Snapshot 2: Showing error when try to revert:
Firewall managed by Panorama
- This happens when the Panorama pushed virtual router configuration is locally overridden on the firewall with any new configuration (on the virtual router), referencing the interface in question.
- The above screenshots showing revert error was due to ethernet1/6 interface being referenced in the static route (which was created locally on the firewall after overriding the virtual router)
Delete the static route (reference the interface in question) by editing the virtual router configuration.
Revert the virtual router config by navigating to Network > Virtual Routers. Reverting the virtual router will delete all the local configuration that was done after overriding the virtual router.