Palo Alto Predefined IP Commit Error Fix

Palo Alto Predefined IP Commit Error Fix

In this post I will detail how to resolve the Palo Alto commit error when trying to commit a predefined IP list.

Below is an example of the error

Validation Error:
external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url 'panw-torexit-ip-list' is not a valid reference
external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url is invalid

I’ve commonly ran into the issue on a fresh Palo Alto setup right after loading the day 1 configuration and trying to make that commit.

Here is step-by-step how to fix the predefined IP list error.

On a very fresh setup nothing will likely be listed in the dynamic updates. This is why we get the commit error as some of the predefined IP lists are delivered via dynamic updates.

Once the Antivirus is installed the dynamic update section will look something like this.

That’s all it takes to resolve the commit error when trying to commit a predefined IP list.

Palo Alto used to have an article about the fix and it was called “Commit Validation Error: ‘panw-xxxxx-ip-list’ is not an allowed keyword” but that article doesn’t work anymore for some reason if it is ever fixed this was the url https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004Nh7CAE

Exit mobile version