Expedition Discussions

Reply
L2 Linker
Posts: 16
Registered: ‎07-21-2016

Importing rules into Expedition from a Firewall managed by Panorama

I'm wanting to do some policy work (app-id migraiton) on a firewalls that is basically 100% managed by Panorama.  Don't want to mess with all others yet.  How do I get the policy set that's managed in Panorama for just one firewall int Expedition?

L3 Networker
Posts: 58
Registered: ‎10-14-2015

Re: Importing rules into Expedition from a Firewall managed by Panorama

You have a device-group for the single firewall that you are wanting to use Expedition for? If not, you'd want to separate that firewall in Panorama to it's own device-group. Expedition talks to Panorama and learns the devices managed by it, but all changes it would need to make would have to be done via Panorama/device-group/templates.

L2 Linker
Posts: 16
Registered: ‎07-21-2016

Re: Importing rules into Expedition from a Firewall managed by Panorama

It is (well the HA pair) in its/their own device group.  So I'd need to connect to Panaram and pull the whole panarama config, but just work on that device group? 

 

I was wondering if Expedition "understood" device groups.

L3 Networker
Posts: 58
Registered: ‎10-14-2015

Re: Importing rules into Expedition from a Firewall managed by Panorama

So I'd need to connect to Panaram and pull the whole panarama config, but just work on that device group?  - correct.

 

I was wondering if Expedition "understood" device groups. - it does. You create a project, import Panorama, and the project should inherit the devices Panorama manages...then, when you click on Policies within the project, you should see something like the following in the bottom right corner:

 

panoramadevgroups.PNG

 

The device-groups should all be there and when you select one, you then only see/operate on the policy for that dev group.

L2 Linker
Posts: 16
Registered: ‎07-21-2016

Re: Importing rules into Expedition from a Firewall managed by Panorama

Thanks for that info.   OK, on a broader question; is there any documentation yet on actually using Expedition specifically for app-ID adoption on a PA firewall?  I remember doing this in a deep-dive lab at Ignite, but didn't save the lab document (bad me).  I'm trying to pull it out of memory, but just can't remember the steps.  I'm also not finding anything but the user guide, and the admin guide, which are less than helpful.

 

Anyone know of actual step by step help for this?

L3 Networker
Posts: 58
Registered: ‎10-14-2015

Re: Importing rules into Expedition from a Firewall managed by Panorama

Highlighted
L2 Linker
Posts: 16
Registered: ‎07-21-2016

Re: Importing rules into Expedition from a Firewall managed by Panorama

Dude... you are the man!  lol

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!