Firewall commit failing with error "aeX 'aeX' is invalid" when new Aggregate Ethernet configuration is pushed from Panorama

Firewall commit failing with error "aeX 'aeX' is invalid" when new Aggregate Ethernet configuration is pushed from Panorama

4818
Created On 06/26/24 13:01 PM - Last Modified 01/21/25 22:23 PM


Symptom


  • Configuring new aggregated interface on Panorama managed Firewall.
  • Configuring an AE ID with one of the suggested AE numbers results in a successful commit to Panorama.
  • When using "Push" to push the the configuration to the Firewall, it fails with error similar to below: 
    Validation Error:
network -> interface -> aggregate-ethernet -> ae20 'ae20' is invalid
network -> interface -> aggregate-ethernet is invalid
Warning: interface ethernet1/1 lacp port-priority is ignored because lacp is not enabled on ae20.
(Module: l2ctrld)
Commit failed

Environment


  • Panorama managed Firewall
  • Supported PAN-OS
  • Aggregate Ethernet (AE) 

Cause


When creating a new aggregated interface from Panorama, the aggregation group ID range is displayed as 1-32 

Panorama-ae.png

When creating the aggregated interface directly on the firewall, the range supported on the firewall is displayed. In this case the range is 1-14 for PA-5420

FW-AE.png
 

Resolution


  1. Ignore the suggested AE ID's presented in Panorama
  2. Configure an AE ID in the range that appears on the specific firewall that is being pushed to.
  3. Commit will be successful on the Firewall.

Additional Information


Refer to the Maximum Aggregate interfaces supported in the Product Comparison.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000scQKCAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language