Commit Failed due to Validation Error: "application-tag is invalid" as it's already in use

Commit Failed due to Validation Error: "application-tag is invalid" as it's already in use

23115
Created On 03/24/21 18:47 PM - Last Modified 05/31/25 03:19 AM


Symptom


  • Firewalls were upgraded from 9.0 to 9.1.
  • Following errors are seen when pushing commit from Panorama to Firewall.
Validation Error:
vsys -> vsys1 -> application-tag -> amazon-cloud-drive-base 'amazon-cloud-drive-base' is already in use
vsys -> vsys1 -> application-tag -> boxnet-base 'boxnet-base' is already in use
vsys -> vsys1 -> application-tag -> cloudapp-base 'cloudapp-base' is already in use
vsys -> vsys1 -> application-tag is invalid
vsys is invalid
devices is invalid

Environment


  • Panorama 
  • Firewall managed by Panorama
  • PAN-OS

Cause


  • Duplicate application tag configuration on Panorama and firewall.
  • In 9.0 and earlier, the Panorama config would overwrite the application tag config on the firewall, but in 9.1 and later the schema was changed so that this would cause a validation error.

     

Resolution


Delete the duplicate Application Tag on the Firewall
  1. Log into CLI of Firewall
  2. Enter Configuration Mode and delete duplicate application-tag
admin@PA-FW> configure
# delete vsys vsys1 application-tag amazon-cloud-drive-base


Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Uw1CAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language