Symptom

当尝试在 Panorama 未更改的配置上提交/推送获取验证错误时。
提交错误与 HIP 配置文件相关

============================
Validation Error:
devices -> localhost.localdomain -> device-group -> User VPN -> profiles -> hip-profiles -> GPProfile-StageNet-Hostchecker -> match '("GPProfile-Stagenet-OS-Check" or "GPProfile-Stagenet-AV-Check" ) 
and "GPProfile-Stagenet-Mobile-OS" ' is invalid. Invalid match criteria
devices -> localhost.localdomain -> device-group -> User VPN -> profiles -> hip-profiles -> GPProfile-StageNet-Hostchecker -> match is invalid
devices -> localhost.localdomain -> device-group -> BND LAN -> profiles -> hip-profiles -> GPProfile-Stagenet-AV-Check -> match 'not ("Traps" ) 
and "GPProfile-Stagenet-Mobile-OS" ' is invalid. Invalid match criteria
devices -> localhost.localdomain -> device-group -> BND LAN -> profiles -> hip-profiles -> GPProfile-Stagenet-AV-Check -> match is invalid
devices -> localhost.localdomain -> device-group -> Admin VPN -> profiles -> hip-profiles -> GPProfile-NDIT Hostchecker -> match '("GPProfile-Stagenet-OS-Check" or "GPProfile-Stagenet-AV-Check" ) 
and "GPProfile-Stagenet-Mobile-OS" ' is invalid. Invalid match criteria
devices -> localhost.localdomain -> device-group -> Admin VPN -> profiles -> hip-profiles -> GPProfile-NDIT Hostchecker -> match is invalid
===============================

Environment

Panorama
PAN-OS 版本 9.1.x， 10.0.x

Cause

这是由 PAN-166306 固定在 PAN-OS 9.1.10， 10.0.6 上的软件问题引起的

Resolution

解决这个问题的解决方法：

选项
1：1。重新启动以程：

debug software restart process configd 
debug software restart process management-server

2. 添加测试对象并执行提交。

选项
2：2。如果上面不起作用，则在"共享"下而不是在设备组下配置对象。

Additional Information

PAN-OS 10.0.6 已解决的问题。

pan-os -10-0-6 问题.html

PAN-166306

修复了在验证 HIP 对象和配置文件时提交作业失败的问题。

Panorama 具有配置文件错误的提交/推送验证 hip 错误

Symptom

Environment

Cause

Resolution

Additional Information

https://docs.paloaltonetworks.com/ pan-os /10-0/ pan-os - 发行说明/ pan-os -10-0 处理问题/ pan-os -10-0-6 问题.html

Other users also viewed: