Expedition was conceived to reduce the time and efforts a security admin needs to improve and optimize their Palo Alto Networks configurations. Following that effort, we have added, within Expedition, support not only to run a BPA analysis if not also be able to remediate some of the failed checks (all related to Device Config) and now integration with the project IronSkillet. https://github.com/PaloAltoNetworks/iron-skillet
There are many ways to replace Zones in your Rules but there is one that really makes a difference.
The idea in this example is replace the Zone called VPN-Didac by Untrust. So the approach we will take is filter by the Zone and see where this zone is used and then do the replace.
From within the Project navigate to Network and then click on Zones.
From there right-click on the Zone (point he mouse over the name) we want to replace, in our case VPN-Didac and select Add to filter.
This will create a new filter and we need to activate it by using drag and drop to drop it under ACTIVE folder and click on APPLY FILTER button.
Navigate to TOOLS and Search and Replace. Select from the left panel where the output from the filters are listed the Zone we want to replace and then Expedition will search in what groups or policies has been used.
In our example we will click on Security Policies and we will select all the rules where this zone was seen and we will add to Replace, the same will do with the Nat Policies shown as well. After that we will click on REPLACE.
From the REPLACE view and keeping all the elements selected choose from the combo called Replace by "Zones" and then from the next combo called "To" select the zone you want to be replaced by the one you searched.
Click on Replace All and check from the Rules the change was effectively done.