Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Panorama Template Commit Fails on New Firewall - Knowledge Base - Palo Alto Networks

Panorama Template Commit Fails on New Firewall

73375
Created On 03/21/19 21:04 PM - Last Modified 03/26/19 16:32 PM


Symptom


This occurs when committing a template config to a new device fails due to a validation error on eth1/1 with the below message or similar.

Here are the details as shown in the screenshot below:
  • Validation Error:
  • network -> virtual-router -> (VR name) -> interface 'ethernet1/1' is not a valid reference
  • network -> virtual-router ->(VR name) -> interface is invalid
  • vsys1
  • Error: zone (zone name) type and interface ethernet1/1 type mismatch
  • (Module: device)
  • Commit failed
Screenshot of Last Push Slate Details


Environment


Panorama
PAN-OS


Cause


During commit, the configuration is validated before being applied.
The validation is unable to match the pushed zone and interface type to the existing default virtual wire (vwire).

Screenshot of Ethernet tab.
 


Resolution


Step 1: On the firewall, change the interface type to Layer 3 for the vwire interfaces
User-added image


Step 2: Delete the existing vwire and commit the change on the firewall
Delete the default v-wire


Step 3:  On Panorama, push the template and select Merge with Device Candidate Config:
Merge with Device Candidate Config
 


Additional Information


NOTE: The push is unable to remove the interface from the default vwire and change the type because the existing vwire can not commit without interfaces. Forcing the template config does not change this, and it will not remove the default vwire.

Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000boNjCAI&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language