How to update the policy in a project

Reply
L2 Linker

How to update the policy in a project

I used expedition to provide me with information.  I manually added rules to the firewall.  When I go back to expedition and re-import the device config, it still shows me all of the same old rules.  I tried re-importing under devices and from within the project.  I also deleted and recreated the project with the same result.  How do I refresh the policy?

L2 Linker

Re: How to update the policy in a project

Have you gone, outside of a project, to devices -> choose your device -> contents -> "retrieve contents" & save first?

L2 Linker

Re: How to update the policy in a project

Yes.  It is Panorama managed, so I retrieved contents on Pano, retrieved devices, and then even retrieved contents on those devices (even though it should be almost nothing).  I then did the import in the project.  Same result.

L2 Linker

Re: How to update the policy in a project

Then AFAIK you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration. The Panorama pushed policies are not present in the firewalls running-config.xml or candidate config either, so it's logical the expedition tool can't retrieve them either. Vice versa, you will push your changes using API calls to Panorama and from Panorama to the device.

Highlighted
L2 Linker

Re: How to update the policy in a project

"you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration."

 

This is what I am doing.  I have not had this problem previously.

L7 Applicator

Re: How to update the policy in a project

Once a config is imported into a project there is no way to re-import the same config into the same project, This is a limitation we have since we are working with IDs and those are assigned at the time to import. So if you want to get the changes from the newest downloaded config from the device you have to

 

UNSET your BASE CONFIG

Then Remove by clicking on the Remove icon from the Left Panel on the name of the Filename xml.

 

After you removed the old config then import again from the Device or upload the XML again.

 

when you try to import a file or device who is already imported Expedition will skip that config...

 

Hope that helps

L2 Linker

Re: How to update the policy in a project

I am not sure where I am supposed to do this.

L1 Bithead

Re: How to update the policy in a project


@Esfeld wrote:

I am not sure where I am supposed to do this.


In your project, on the Export tab.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!