Commit fails with validation errors 'disconnect-on-idle is invalid' and 'minutes should be equal to or between 5 and 43200'

• The commit from Panorama to Palo Alto Strata firewalls fails with error "disconnect-on-idle is invalid' and 'minutes should be equal to or between 5 and 43200'
• There is no validation error during Panorama local commit. 
• The failure is during the commit processing on the firewall. 
• Here, the Disconnect On Idle value is already configured between the range 5 and 43200 but the commit continues to fail with the same error. 

• Panorama managed Palo Alto Firewalls.
• Panorama PAN-OS version 10.0.x.
• Managed Firewalls PAN-OS version 10.0.x or below.

1. Verify the value configured on the Global protect gateway by navigating to GUI:Panorama > Networks> GlobalProtect > Gateway > Edit the gateway > Agent >Connection Settings >Disconnect On Idle.
2. The value should be between the range 5 and 43200
3. If the value for Disconnect On Idle is already in the range above, Proceed to next step
4. Change Inactivity Logout value between the range ( 5 and 43200) under GUI: Panorama > Networks> GlobalProtect > Gateway > Edit the gateway > Agent >Connection Settings >Inactivity Logout  
5. The drop down value selected here does not matter. It can still be Minutes , Hours or Days. The numeric value equal to 5 or above makes the difference.

• If the workaround is not acceptable, Contact Palo Alto Networks support to apply the workaround manually without changing the configuration which would require an engineer to make change via root login.
• Here, the firewall is replacing the Inactivity Logout numeric value with  Disconnect on Idle value pushed by the panorama and hence the validation fails. 
• The issue will be fixed in an upcoming release of 10.0.x 

The issue is triggered with when following conditions are met.

• When the Panorama is upgraded to 10.1 followed by a commit & push. Here the firewalls are still on 10.0.0 or below version. 
• Panorama is downgraded back to 10.0.x version