Here is a simple firewall group that would not let me execute a commit despite that address-group in question has been defined.
This is the config.boot :
firewall { all-ping enable broadcast-ping disable config-trap disable group { ... } address-group emby { address 10.0.7.10 } ... } port-group emby { port 8096 port 8920 }
This is the error I was getting when committing :
vyos@fw01# commit [ firewall name trust_to_server rule 710 destination group address-group emby ] Group [emby] has not been defined [[firewall name trust_to_server]] failed Commit failed
This is the candidate config :
vyos@fw01# compare [edit firewall name trust_to_server] +rule 710 { + action accept + description "emby access" + destination { + group { + address-group emby + port-group emby + } + } + protocol tcp +}
I deleted the address-group then save the config to overwrite the previous config.boot. By doing this, I got a new error message as shown below.
vyos@fw01# commit [ firewall name trust_to_server rule 710 destination group port-group emby ] Error: group [emby] is of type [address] not [port] [[firewall name trust_to_server]] failed Commit failed
I was able to commit when I renamed one of the groups. In my case, I renamed the port-group to emby_app and the system let me commit.
Now, I am not sure if I encountered two different issues here.