Validtion Error "devices is invalid" seen after removing a device from Panorama

Validtion Error "devices is invalid" seen after removing a device from Panorama

1446
Created On 06/23/22 22:00 PM - Last Modified 06/24/24 23:55 PM


Symptom


  • Managed Firewall removed from Panorama.
  • When attempting to commit the following error is returned.
Validation Error:
Shared -> pre-rulebase -> security -> rules -> <rule_name> -> target -> devices -> <removed S/N> '<removed S/N>' is not a valid reference
Shared -> pre-rulebase -> security -> rules -> <rule_name> -> target -> devices is invalid

 

Environment


  • Panorama with managed Firewalls
  • Supported PAN-OS
  • Validation error

Cause


  • Serial Number (S/N)  does not exist in a device group but S/N is still referenced in a security policy.
  • Security Policy only displays S/N that reside in device groups.

Resolution


  1. Add S/N back to the Panorama.
  2. Choose an existing device group.
  3. Add S/N to a device group.
  4. Navigate to the Security Rule that was called in the error.
  5. Remove the S/N from the Security Rule's Targets.
  6. Remove S/N from Device Group.
  7. Delete Device.
  8. Commit.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqADCA0&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail