Commit Error With Reason "Error: Error unserializing profile objects" and "failed to handle CONFIG_UPDATE_START"
55480
Created On 01/21/20 04:45 AM - Last Modified 06/02/20 21:46 PM
Symptom
- The following commit error is observed after making some configuration changes:
Error: Error unserializing profile objects
failed to handle CONFIG_UPDATE_START
(Module: device)
Commit failed
- Another example of a similar error:
failed to handle CONFIG_UPDATE_START
Error: Failed to get vsys config, already allocated (21626880 bytes)
Environment
- Any PanOS
- Palo Alto Firewall
Cause
- This error is typically indicating there isn't enough dataplane memory available for the size of the configuration
- A typical cause is the size of the EDL lists as well as the number of references to each list - each reference multiplies the amount of configuration memory required
- The dataplane configuration memory can also reach capacity due to the following objects:
- static Address Objects
- FQDN's
- Dynamic Address Groups
- IP EDL Lists
Resolution
Reference the article : How To Check The Dataplane Config Memory Available to view the utilization of the dataplane configuration memory.
Solutions to reduce the configuration memory size are to :
- reduce the number of entries in the EDLs, FQDNs, Dynamic Address Groups objects
- reduce the number of references to the IP and URL EDLs, address objects, FQDNs, Dynamic Address Groups. The objects can be referenced in:
- Policies (source, destination, URL Category fields)
- URL EDLs can also be referenced in URL Filtering Profiles and Custom URL categories - to remove the reference to a URL , you can do so under GUI: Objects > Security Profiles > URL Filtering > and change the "Site Access" and "User Credential Submission" actions to "none" so that the list is no longer referenced.
Additional Information
- In PanOS 9.0 there is an enhancement that will improve memory utilization related to URL profiles and categories that reference URL based EDLs.