Commit fails with error " ipv4 is invalid" when a Shared Object is added to Source Address Exclusion in zone protection profile

Created On 03/31/23 01:24 AM - Last Modified 01/03/24 04:02 AM


Symptom


  • On Panorama, a Shared object is added to the Source Address Exclusion list under GUI: Network > Zone protection > (Profile name) > Reconnaissance Protection.
  • Share-unused-objects-with-devices is disabled.
  • The changes are pushed to the firewall.
  • The commit fails with the error: "network -> profiles -> zone-protection-profile -> ipv4 is invalid"
Validation Error:
network -> profiles -> zone-protection-profile -> ipv4 <test-object-1> is an invalid ipv4/v6 address
network -> profiles -> zone-protection-profile -> ipv4 '<test-object-1>' is invalid. Invalid IPv4 address
network -> profiles -> zone-protection-profile -> ipv4 is invalid
Error: Profile compile error, name Zprotection zone parsing error
Error: Profile compiler : invalid profile name Zprotection
Error: Profile compiler : Global section error
Error: Profile compiler : parsing config error
(Module: device)
Commit failed
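
When triaging a failed push, it helps to separate rejected exclusion values that are object names (the symptom described here) from values that are simply mistyped address literals. The following Python sketch is an added example, not Palo Alto Networks code. The function name `triage_commit_output` and the character-class heuristic are assumptions, and the sample line containing 10.1.1.300 is constructed for contrast.

```python
import re

# Per-value validation lines, in the format quoted in the Symptom section.
VALUE_RE = re.compile(
    r"zone-protection-profile -> ipv4 (?P<value>.+?) is (?:an )?invalid"
)
PROFILE_RE = re.compile(
    r"Profile compile error, name (?P<profile>.+?) zone parsing error"
)
# Heuristic (assumption): a token made only of these characters was meant as an
# address literal, CIDR or range; anything else is treated as an object name.
LITERAL_CHARS_RE = re.compile(r"[0-9A-Fa-f.:/\-]+")


def triage_commit_output(text):
    """Split rejected exclusion values into object names and malformed literals."""
    result = {"profiles": [], "object_names": [], "malformed_literals": []}
    for line in text.splitlines():
        m = PROFILE_RE.search(line)
        if m and m.group("profile") not in result["profiles"]:
            result["profiles"].append(m.group("profile"))
        m = VALUE_RE.search(line)
        if not m:
            continue  # e.g. the summary line "... -> ipv4 is invalid" has no value
        value = m.group("value").strip("'\"<>")
        is_literal = LITERAL_CHARS_RE.fullmatch(value)
        key = "malformed_literals" if is_literal else "object_names"
        if value not in result[key]:
            result[key].append(value)
    return result


# All lines are quoted from this article except the one containing 10.1.1.300,
# which is constructed for contrast.
SAMPLE_OUTPUT = """\
network -> profiles -> zone-protection-profile -> ipv4 <test-object-1> is an invalid ipv4/v6 address
network -> profiles -> zone-protection-profile -> ipv4 '<test-object-1>' is invalid. Invalid IPv4 address
network -> profiles -> zone-protection-profile -> ipv4 is invalid
network -> profiles -> zone-protection-profile -> ipv4 '10.1.1.300' is invalid. Invalid IPv4 address
Error: Profile compile error, name Zprotection zone parsing error
Commit failed
"""

if __name__ == "__main__":
    report = triage_commit_output(SAMPLE_OUTPUT)
    print("Profiles:", report["profiles"])
    print("Object names needing a referencing rule:", report["object_names"])
    print("Malformed literals to correct:", report["malformed_literals"])
```

Values reported under `object_names` are the candidates for the upgrade or workaround in this article; values under `malformed_literals` point to a configuration typo instead.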

Environment


  • Any Panorama
  • PAN-OS versions: 8.1.7, 9.1.12, 10.1.8, 10.2.3


Cause


Software issue.

Resolution


  1. The issue is fixed under PAN-194175 in PAN-OS versions 9.1.16, 10.1.9, and 10.2.4.
  2. Upgrading to one of the above versions resolves the issue.
Workaround:
  1. On the Panorama device group, create a dummy policy by navigating to Policies > Security policy > Pre rules, and add to it the address objects that are configured in "Source Address Exclusion".
  2. The address objects are then considered referenced/used, and the commit and push to the firewall will succeed.

