Unable to Revert the Interface Config to Panorama Pushed Config

Unable to Revert the Interface Config to Panorama Pushed Config

29688
Created On 03/29/19 03:32 AM - Last Modified 04/03/19 15:37 PM


Symptom


  • Firewall is managed by Panorama.
  • Interface configuration is pushed from Panorama to firewall and locally overridden on the firewall.
  • When selecting the interface in question and clicking Revert, it fails with the errors below:
member cannot be deleted because of references from:
network -> virtual-router -> default -> routing-table -> ip -> static-route -> Palo_Route -> interface

Snapshot 1: Interface in questions is ethernet1/6.

User-added image

Snapshot 2: Showing error when try to revert:

User-added image

 

Environment


PAN-OS
Firewall managed by Panorama

Cause


  • This happens when the Panorama pushed virtual router configuration is locally overridden on the firewall with any new configuration (on the virtual router), referencing the interface in question.
  • The above screenshots showing revert error was due to ethernet1/6 interface being referenced in the static route (which was created locally on the firewall after overriding the virtual router)


 

Resolution


Solution 1:
Delete the static route (reference the interface in question) by editing the virtual router configuration.

Solution 2
Revert the virtual router config by navigating to Network > Virtual Routers. Reverting the virtual router will delete all the local configuration that was done after overriding the virtual router.
User-added image

 

Additional Information



 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000PLIx&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcSArticleDetail

Choose Language