Commit Failing When NetFlow Profile is Applied with error "without a valid service-route"

Commit Failing When NetFlow Profile is Applied with error "without a valid service-route"

30656
Created On 03/26/19 13:53 PM - Last Modified 08/22/25 06:02 AM


Symptom


Commit is failing when NetFlow profile is applied on an interface with error message. 
Error: NetFlow profile Netflow-Server-Profile used on interface ethernet1/3 without a valid service-route
(module: device)
Commit failed

The screenshot below shows a commit failure after applying a NetFlow profile on interface ethernet1/3.
User-added image

 

Environment


PA-5200 series firewalls
PA-7000 series firewalls

Newer models:

PA-5450

PA-7500

Cause


The commit will fail if a service route is not configured because you cannot use the management (MGT) interface to send NetFlow records from the PA-7000 Series and PA-5200 Series firewalls. This also applies to the newer firewall models: PA-5450 and PA-7500.

For other firewall models, a service route is optional. For all firewalls, the interface that sends NetFlow records does not have to be the same as the interface for which the firewall collects the records.
 

Resolution


Configure the service route for the NetFlow service.
  1. Navigate to Device > Setup > Services 
  2. Click "Service Route Configuration"
  3. Under Services, click NetFlow and select the required interface
    1. NOTE: (Any, Use default, and MGT are not valid interface options for PA-7000 Series or PA-5200 Series firewalls.)

User-added image
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcsArticleDetail?id=kA10g000000boRv&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcsArticleDetail

Choose Language