观察到“配置推送被阻止”时要检查什么<serial number>在租户<tenant id>原因:在加入 PA 系列下一代防火墙时,设备的路由堆栈模式与租户的路由堆栈模式不匹配</tenant></serial>
5241
Created On 05/28/24 06:40 AM - Last Modified 07/11/25 20:15 PM
Question
What to check when observing the following error message while onboarding PA-Series Next-Generation Firewalls.
Config push is blocked to <serial number> in tenant <tenant id>. Reason: Routing stack mode of the device doesn't match the one for the tenant
Environment
- Strata 云管理器
- PA 系列下一代防火墙
- 支持的 PAN-OS 版本(运行 PAN-OS 10.2.3 及更高版本的防火墙支持加入 Strata Cloud Manager)
Answer
When observing this error message, the state of the advanced-routing feature should be checked.
If the feature is turned off, it has to be turned on from CLI (command-line interface) by following the below steps.
- 确保是否从CLI打开了高级路由。
- 如果结果显示“advanced-routing: off”,则必须打开高级路由功能。
- 提交更改。
- 重新启动设备。
1. > show system info | match model\|sw-\|advanced-routing hostname: PA-415-5G sw-version: 11.1.2-h3 advanced-routing: off <<<---!!! 2. > configure # set deviceconfig setting advance-routing yes 3. # commit 4. # run request restart system
Additional Information
防火墙
https://docs.paloaltonetworks.com/ngfw/administration/onboard-devices-and-deployments/onboard-your-devices/onboard-a-firewall