Commit validation error "Category Match should have 2 to 4 categories at most (Custom-URL-Category-Name)"

Commit validation error "Category Match should have 2 to 4 categories at most (Custom-URL-Category-Name)"

13329
Created On 03/08/21 02:11 AM - Last Modified 11/11/22 03:51 AM


Question


  • Validation/commit error is seen on the strata firewall or Prisma Access when a custom URL category  object is created with type as "Category Match".
  • The commit fails or throws validation error even if only the object is created and it is not used in any security rule.
  • The validation/commit failure does not occur in Panorama and the error is only observed directly on the firewall.
  • In case of Prisma access, the config is validated with the cloud service plugin  but fails the dataplane validation for mobile users/remote networks.
Example object which is created by the user (GUI: Objects > Custom Objects > URL Category)
URL object with type category

Validation or commit error:
Commit error

 

Environment


  • Any PanOS Strata Firewalls running 8.1 or above.
  • Any Prisma Access for Users or Networks  setup managed by Panorama.

Answer


  1. Custom URL category with type as Category match can have maximum 4 categories in an object.
  2. This failure is expected when more than 4 categories are used.
  3.  To use the URL functionality with multiple categories,  use URL profiles which has all the pre-defined categories and custom URL objects (type URL)  as categories.
  4. Details can be found in the admin guide and URL feature set
  5. To fix the commit/validation error, either delete the custom URL object and the associated security rules or reduce the number of categories in the object to 4 or less. 

Additional Information



 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Uj2CAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language