Loading Partial Config Using "load config partial from-xpath" Command Blocks Selective Push to All Device Groups
3590
Created On 05/02/24 06:38 AM - Last Modified 07/28/25 08:07 AM
Symptom
- Load partial config via CLI command load config partial from-xpath and specify the device group name without commit. For example, load address objects list from backup config file (config_file.xml) to a specific DG name called "Test-DG",
load config partial from-xpath /config/devices/entry/vsys/entry/address to-xpath /config/devices/entry/device-group/entry[@name='Test-DG']/address mode merge from config_file.xml - Selective push is blocked for all device groups with error "Selective push is blocked since a load was performed, please perform full push.".
Environment
- Panorama
- Multiple device groups
- Selective push
Cause
- When loading partial config using load config partial from-xpath command, a full commit is required even though there is device group mentioned in xpath. This is because PAN OS does not process or scan device group in the xpath when determining which device group to be blocked due to config load.
- When loading partial config using load config partial device-group command, it will block selective push for that device group only, similar to when loading partial config via UI.
Resolution
Perform full commit after loading partial config or use load config partial device-group command when loading partial config to a specific device group.