How to move or copy objects in configuration from one location to another
Objective
This article can help you:
- Move/copy all objects from one Device Group to another Device Group in Panorama
- Move/copy all objects from a Device Group to Shared or vice versa in Panorama
- Move/copying all objects from one Vsys to another Vsys on firewall
- Move/copy all objects from one Vsys to Shared
- Copy all objects from an external configuration to firewall configuration
Environment
- Panorama
Procedure
Before you begin:
- Take a backup of your configuration
- Set commands from the CLI can also be used to the same effect, but setting and deleting commands are a lengthy task if there are a large number of objects.
- This method can also be modified to import specific objects into the candidate configuration.
Test Case: Moving all address objects from a device group to shared in Panorama
-
Save the firewall/Panorama configuration snapshot locally. Go to Device > Setup > Operations > Choose 'Save named Panorama configuration snapshot'.
-
Open a web session to the firewall or Panorama's API browser: https://<hostname>/api. In the example that follows, this is the Panorama API.
-
Use the API browser to find the xml path (XPath) of the source and target elements. In the example below, one would have selected Configuration Commands > Devices > localhost.localdomain > device-group > PA200 > address in order to view that page.
Note that from the XPath listed above, we identify the from-xpath to be used on the CLI.
from-xpath = devices/entry[@name='localhost.localdomain']/device-group/entry[@name='PA200']/address
Notice the missing /config/ in the noted value of from-xpath.In the example below, one would have selected Configuration Commands > shared > address in order to view that page.
Note that from the XPath above, we identify the to-xpath to be used on the CLI.
to-xpath = /config/shared/address
-
Log into the CLI and go into configuration mode. Execute the following command:
# load config partial mode merge from <Snapshot Name> from-xpath <from-xpath> to-xpath <to-xpath>
Example:
admin@M-100-1 # load config partial mode merge from ConfigTest from-xpath devices/entry[@name='localhost.localdomain']/device-group/entry[@name='PA200']/address to-xpath /config/shared/address
Config loaded from ConfigTest
-
Delete the config in the device group if required:
Go the API browser and generate the API key:
https://<hostname>/api/?type=keygen&user=username&password=password
Open a browser tab and delete all the addresses using the following XML API:
https://<hostname>/api/?type=config&key=keyvalue&action=delete&xpath=<from-xpath>
This time you have to use /config/ since it's being directly deleted from the current candidate config.