Selected used policy rules when marking 'Highlight unused rules' checkbox

Created On 04/24/25 09:06 AM - Last Modified 08/06/25 03:38 AM


Symptom


  • When a read-only account selects the "Highlight unused rules" checkbox under Policies > Security/NAT, both unused and used rules are wrongly selected.

Affected Behavior

  • GUI: Device > Administrator > $name > Administrator type Dynamic - Superuser(read-only) || Device Administrator (read-only)
  • A total of 5 rules are highlighted.

 

Correct Behavior:

  • GUI: Device > Administrator > $name > Administrator type Dynamic - Superuser(read-only) || Device Administrator 
  • Only 1 rule is highlighted.

 

 

 



Environment


  • Any Panorama
  • Any Palo Alto Firewalls
  • PAN-OS 10.2.x, 11.1.x, 11.2.x and 12.1.x


Cause


  • Software Issue


Resolution


  1. The issue is fixed under PAN-268614.
  2. The following versions have the fix for the issue.
    • 11.2.7, 11.2.8, 12.1.2, 12.2.0, 11.1.11, 10.2.16, 10.2.17, 11.1.9, 11.1.7-h2, 11.1.6-h7, 11.1.4-h18, 10.2.13-h8, 10.2.7-h29, 10.2.10-h19 
  3. Upgrading to the fixed versions or later will resolve the issue (some of the above versions are still unreleased).
  4. As a workaround, use the following CLI command with match "0" to show the correct unused rules.
    Firewall> show rule-hit-count vsys vsys-name vsys1 rule-base security rules all | match ' 0 '

     



Additional Information


11.1.9 release notes

23 July 25 (Vijay) - Article reviewed with Adnan and published external.

 


