Commit Failure with Error 'any' zone is invalid from rule.
6298
Created On 04/22/19 08:28 AM - Last Modified 10/12/19 01:46 AM
Symptom
When performing commit operation on the firewall it fails with the Error: "any zone is invalid from rule" as displayed below.
Details:
vsys2
Error: Rulebase 'security'
'any' zone is invalid from rule 'Test_Policy'
Error: Failed to parse security policy
(Module: device)
Commit failed
Environment
- PAN-OS 8.0 and 8.1.
- Any Palo Alto Firewall.
Cause
The firewalls were not configured with any Zones in the reported Vsys (vsys2 in this case).
Resolution
To use "any" as Zone in the security policy, It is mandatory to configure at least one zone in that Vsys.
- Create a Zone in Vsys displayed in the error message (GUI: Network > Zones).
- Perform commit operation and it will be successful.
Additional Information
Commit failure message as seen in GUI below.