Commit Failure with Error 'any' zone is invalid from rule.

Created On 04/22/19 08:28 AM - Last Modified 10/12/19 01:46 AM


Symptom


A commit operation on the firewall fails with the error "'any' zone is invalid from rule", as displayed below.
Details:
  vsys2
  Error: Rulebase 'security'
  'any' zone is invalid from rule 'Test_Policy'
  Error: Failed to parse security policy
  (Module: device)
  Commit failed


Environment


  • PAN-OS 8.0 and 8.1.
  • Any Palo Alto Firewall.


Cause


The firewall was not configured with any zones in the reported vsys (vsys2 in this case).

Resolution


To use "any" as the zone in a security policy, it is mandatory to configure at least one zone in that vsys.
  1. Create a zone in the vsys displayed in the error message (GUI: Network > Zones).
  2. Perform the commit operation again; it will be successful.
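
A pre-commit check for this condition, as an added example that is not part of the original article or Palo Alto Networks code: it scans a configuration XML for any vsys that has security rules using the "any" zone but no zones defined. The XML layout and the function name are assumptions modelled on an exported PAN-OS configuration, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an exported PAN-OS configuration (assumed layout).
SAMPLE_CONFIG = """
<config>
  <devices>
    <entry name="localhost.localdomain">
      <vsys>
        <entry name="vsys1">
          <zone>
            <entry name="trust"><network><layer3/></network></entry>
          </zone>
          <rulebase><security><rules>
            <entry name="Allow_Out">
              <from><member>any</member></from>
              <to><member>any</member></to>
            </entry>
          </rules></security></rulebase>
        </entry>
        <entry name="vsys2">
          <rulebase><security><rules>
            <entry name="Test_Policy">
              <from><member>any</member></from>
              <to><member>any</member></to>
            </entry>
          </rules></security></rulebase>
        </entry>
      </vsys>
    </entry>
  </devices>
</config>
"""

def find_any_zone_without_zones(config_xml):
    """Return (vsys, rule, direction) for each 'any' zone used in a vsys with no zones."""
    root = ET.fromstring(config_xml)
    findings = []
    for vsys in root.findall("./devices/entry/vsys/entry"):
        if vsys.findall("./zone/entry"):
            continue  # at least one zone exists, so 'any' is valid in this vsys
        for rule in vsys.findall("./rulebase/security/rules/entry"):
            for direction in ("from", "to"):
                members = [m.text for m in rule.findall(f"./{direction}/member")]
                if "any" in members:
                    findings.append((vsys.get("name"), rule.get("name"), direction))
    return findings

if __name__ == "__main__":
    for vsys, rule, direction in find_any_zone_without_zones(SAMPLE_CONFIG):
        print(f"{vsys}: rule '{rule}' uses 'any' as {direction} zone, but the vsys has no zones")
```
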


 


Additional Information


The commit failure message as seen in the GUI is shown below.

User-added image

