提交验证错误,指内在 EDL 对象"泛高-高-ip列表"和"泛已知ip列表"

提交验证错误,指内在 EDL 对象"泛高-高-ip列表"和"泛已知ip列表"

37995
Created On 11/20/19 10:45 AM - Last Modified 08/13/21 21:41 PM


Symptom


  • 配置验证错误是指内置外部动态列表 [ EDL 对象"泛高风险 ip 列表" 和"泛已知 ip 列表",在本地 firewall 提交期间或将配置从 Panorama 托管防火墙推入时。
  • CLI 输出:
Validation Error:
rulebase -> security -> rules -> EDL-Test -> destination 'panw-highrisk-ip-list' is not an allowed keyword
rulebase -> security -> rules -> EDL-Test -> destination panw-highrisk-ip-list is an invalid ipv4/v6 address
rulebase -> security -> rules -> EDL-Test -> destination panw-highrisk-ip-list invalid range start IP
rulebase -> security -> rules -> EDL-Test -> destination 'panw-highrisk-ip-list' is not a valid reference
rulebase -> security -> rules -> EDL-Test -> destination 'panw-known-ip-list' is not an allowed keyword
rulebase -> security -> rules -> EDL-Test -> destination panw-known-ip-list is an invalid ipv4/v6 address
rulebase -> security -> rules -> EDL-Test -> destination panw-known-ip-list invalid range start IP
rulebase -> security -> rules -> EDL-Test -> destination 'panw-known-ip-list' is not a valid reference
rulebase -> security -> rules -> EDL-Test -> destination is invalid
  • WebUI 输出:
     用户添加的图像
 

Environment


  • 防火墙 [ Hardware 和 VM ]
  • Panorama 

Cause


  • "Panw-高风险-ip列表"和"潘已知-ip列表"是内置的外部动态列表 EDL []对象,这将仅在 firewall "应用程序和威胁"和"防病毒"等动态更新安装时出现在"对象"上 firewall 。

Resolution


下载并安装以下动态更新 firewall 以解决此问题。
  1. "应用程序和威胁" - WebUI 登录>>设备>>动态>>下载和安装"应用程序和威胁"。
  2. "防病毒" - WebUI 登录>>设备>>动态>>下载和安装 "防病毒".
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNZgCAO&lang=zh_CN&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language