COMMIT ERROR:" Missing ipv4 pool from for Config"
8102
Created On 06/23/20 21:51 PM - Last Modified 07/21/20 00:35 AM
Symptom
- Commit failure when “Retrieve Framed-IP-Address attribute from authentication server” is enabled and "Authentication Server IP Pool" is configured.
- Below is an example of the commit failure message.
Result Failed
Details: missing ipv4 pool from for config 'gp_123' in gateway GP_GTY (tunnel GP_TNL-N)
(Module: rasmgr)
Commit failed
Environment
- Palo Alto Firewall
- Authentication server IP pool configuration under the Gateway client setting
- Pan-OS 8.1.X
Cause
- Enable "Retrieve Framed-IP-Address attribute from authentication server" notice 'Authentication Server IP Pool' turns yellow as a mandatory field.
- Configure the "Authentication Server IP Pool". At this stage, even though the "IP pool" isn't a mandatory field you will still get the commit failure.
Resolution
- Configure an "IP Pool" IP subnets or ranges.
- IP subnets or ranges shouldn't conflict between "IP Pool" and "Authentication server IP pool"
Additional Information
- The "IP Pool" will serve as a fallback. When a GP client attempts to authenticate to the Authentication Server, it will request for the Framed IP address. If the framed IP isn't returned, the GP client will receive an IP address from the "IP Pool".
- In PAN-OS version 9.0 and above the "IP Pool" configuration isn't mandatory anymore if "Authentication server IP pool" is configured.