Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
COMMIT ERROR:" Missing ipv4 pool from for Config"

COMMIT ERROR:" Missing ipv4 pool from for Config"

8102
Created On 06/23/20 21:51 PM - Last Modified 07/21/20 00:35 AM


Symptom


 
  • Commit failure when “Retrieve Framed-IP-Address attribute from authentication server” is enabled and "Authentication Server IP Pool" is configured.
  • Below is an example of the commit failure message.

Result Failed

Details: missing ipv4 pool from for config 'gp_123' in gateway GP_GTY (tunnel GP_TNL-N)

(Module: rasmgr)

Commit failed



Environment


  • Palo Alto Firewall
  • Authentication server IP pool configuration under the Gateway client setting
  • Pan-OS 8.1.X


Cause


  • Enable "Retrieve Framed-IP-Address attribute from authentication server" notice 'Authentication Server IP Pool' turns yellow as a mandatory field.
User-added image
  • Configure the "Authentication Server IP Pool". At this stage, even though the "IP pool" isn't a mandatory field you will still get the commit failure.
User-added image
 


Resolution


  1. Configure an "IP Pool" IP subnets or ranges.
  2. IP subnets or ranges shouldn't conflict between "IP Pool" and "Authentication server IP pool" 
  
User-added image


Additional Information


  • The "IP Pool" will serve as a fallback. When a GP client attempts to authenticate to the Authentication Server, it will request for the Framed IP address. If the framed IP isn't returned, the GP client will receive an IP address from the "IP Pool".
  • In PAN-OS version 9.0 and above the "IP Pool" configuration isn't mandatory anymore if "Authentication server IP pool" is configured. 


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UXUCA2&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language