Commit Validation Error: panw-bulletproof-ip-list is not an allowed keyword

Commit Validation Error: panw-bulletproof-ip-list is not an allowed keyword

20314
Created On 02/24/22 02:34 AM - Last Modified 05/03/23 01:00 AM


Symptom


  • Commit Validation Errors:
panw-bulletproof-ip-list is not an allowed keyword
panw-bulletproof-ip-list is an invalid ipv4/v6 address
panw-bulletproof-ip-list invalid range start IP
panw-bulletproof-ip-list is not a valid reference
Commit Validation Errors panw-bulletproof-ip-list
 

Environment


  • Panorama PAN-OS version 9.0 or above
  • Firewall PAN-OS version 8.1 or below

Cause


The new built-in EDL object "Palo Alto Networks Bulletproof IP addresses" was introduced in PAN-OS version 9.0.
The built-in object panw-bulletproof-ip-list is not compatible with any PAN-OS version below 9.0.

Resolution


Remove the object "Palo Alto Networks Bulletproof IP addresses" from the Policy Rules which are pushed to the firewall:
  1. On Panorama, Go under the Policies tab,
  2. Locate and Remove the built-in object "Palo Alto Networks Bulletproof IP addresses" from all the Policy Rules which are pushed to the firewalls running version 8.1 or below.
Note: the object may be located in the Shared policy (which is applied to all firewalls) and must be removed from there as well.
Policy rules panw-bulletproof-ip-list

Additional Information


PAN-OS Documentation, New Features Guide version 9.0: Built-In External Dynamic List for Bulletproof Host
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004NKmCAM&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language