How to remove Dynamic tag with register ip address?
19835
Created On 06/27/19 23:56 PM - Last Modified 02/10/21 22:11 PM
Objective
- Customer needs to remove Dynamic TAG with register-ip-address.
- Attempts to delete the object from the GUI prove unsuccessful.
Environment
- PA-220
- PAN-OS 9.0.X (Firewall)
Procedure
To get rid of the dynamic tags, the following steps need to be applied:
- Click Object > Tags in the GUI and delete the dynamic tag.
- Commit the firewall
- Run the following command from the CLI to clear the dynamic tag:
> debug object registered-ip clear all
- After clearing the tags from the CLI, reboot the firewall:
> request restart system
Note: Restarting involves downtime. So please execute the "restart" command during the maintenance window
Additional Information
Per Engineering, this is expected behavior. We don't delete dynamic tags until system process (useridd) restarts. Therefore, dynamic tags are not part of the config. Therefore additional steps need to be carried out to remove the dynamic tags.