Commit Validation Error: "application-filter -> http 'http' is already in use, application-filter is invalid"

Commit Validation Error: "application-filter -> http 'http' is already in use, application-filter is invalid"

14538
Created On 02/07/24 13:36 PM - Last Modified 03/20/24 22:50 PM


Symptom


After PAN-OS upgrade, commit fails with the following validation error: 
Validation Error:
application-filter -> http 'http' is already in use
application-filter is invalid
Commit failed


Environment


  • Any Palo Alto Networks Firewall
  • PAN-OS versions:
    • 10.1.11 and above
    • 10.2.8 and above
    • 11.0.3 and above
    • 11.1.0 and above

Cause


An additional check was introduced with PAN-214987 that disallows the use of certain names that may match or include internal protocol names.

Resolution


  1. Rename application filter 'http' to a unique name such as 'http_filter' using the CLI:
> configure
# rename shared application-filter http to http_filter
# exit
  1. Vsys specific command is as below
> configure
# rename vsys vsys1 application-filter http to http_filter  >> (change vsys1 to the required vsys)
# exit
  1. "Commit" the changes.

Additional Information


Note:
The rename must be done from the CLI. Attempting to rename the application-filter via the GUI will result in the error: 
http 'http' is already in use
Release Notes:

Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhkLCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language