Config validation failing due to "protocol -> bgp -> redist-rules is invalid" after upgrade from 8.0 to 8.1

Config validation failing due to "protocol -> bgp -> redist-rules is invalid" after upgrade from 8.0 to 8.1

12854
Created On 05/16/19 13:39 PM - Last Modified 08/03/20 16:02 PM


Symptom


  • Firewall with "Redistribution Rules" under BGP or "Export Rules" under OSPF setting within Virtual Router config might fail in config validation after upgrade from PanOS 8.0 to 8.1.
  • User would get an error "protocol -> bgp -> redist-rules is invalid" during config validation.

Environment


Issue affects all PanOS devices which are upgraded from PanOS 8.0.x to 8.1.x

Cause


In PanOS 8.1 and onwards, there is strict validation of subnets. This subnet validation check is not limited to BGP redistribution rules. Validation of other protocols' export rules are also being done.

Due to this condition, if the firewall has a host route prefix, without subnet mask (i.e. 10.10.10.10 instead of 10.10.10.10/32) configured in redistribution list, commit will fail.

User-added image
Incorrect prefix name

Resolution


To resolve the problem, admin should have correct subnet mask added to every prefix in redistribution rules. 
 
User-added image
Correct prefix name
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLzDCAW&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language