I recently experienced a situation where an attempted push of firewall configuration was failing for a single production HA firewall. The error being received when attempting the push was the following:

vsys -> vsys1 -> profiles -> spyware -> PROFILE -> mica-engine-spyware-enabled unexpected here
vsys -> vsys1 -> profiles -> spyware is invalid

The validation error can be fixed by simply performing a restart of services on the Panorama server:

debug software restart process configd
debug software restart process management-server

After each command is run on Panorama, you’ll need to wait a couple of minutes for each to take effect before you may access the CLI again. If this process alone does not fix the issue then I would suggest getting a case opened with Palo Alto Support to find an alternative solution to the specific issue being experienced.

Panorama Push Failure
Tagged on:             

You May Also Like

Juniper Netscreen Packet-Tracer Alternative (Debug Flow)

Juniper Netscreen Packet-Tracer Alternative (Debug Flow)

Cisco ASA regex blocking

Cisco ASA regex blocking

Juniper Netscreen Site-to-Site VPN Rekey

Juniper Netscreen Site-to-Site VPN Rekey

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.