Rule merge all results

L4 Transporter

Re: Rule merge all results

We still have to check this case and correct it if not behaving as it should.

 

 

L0 Member

Re: Rule merge all results

Also impacted by this limitation.  :|  Awaiting a fix or workaround.

L2 Linker

Re: Rule merge all results

Any updates on when/if this issue will be resolved?

 

Thanks,

Keith

L2 Linker

Re: Rule merge all results

As it has been 3 weeks since your last response I just wanted to check again to see if/when this issue will be fixed? 

L4 Transporter

Re: Rule merge all results

Rule merge will come tomorrow.

However, it will still be limited to 10 merges at a time.

Additionally, it will check that you do not merge rules with "any" and values in Users, Applications and Services.

L2 Linker

Re: Rule merge all results

Thanks for the update, 10 at a time is better than 1 so that will be helpful. I do want to ask about the 2nd part of your response as it relates to 'any'. When migrating from Cisco ASA (and other firewalls also) the application field will always be 'Any' as the ASA is not doing app-id. Does that mean we can still only do 1 rule merge at a time? Hopefully, that is not the case.

L4 Transporter

Re: Rule merge all results

No, that is not the case.

What we won't merge are rules where some have "any" (does not have a specific value) and others have specific values, as the result would not be "any", but the specifics.

For instance,
RULE1  Trust 10.0.0.0/24      -> DMZ 172.16.0.0/25   SSH   app-default   ALLOW   (users)
RULE2  Trust 192.168.10.0/24  -> DMZ 172.16.0.0/25   any   app-default   ALLOW   (admins)

We do not want to merge them into
RULE3  Trust 10.0.0.0/24, 192.168.10.0/24 -> DMZ 172.16.0.0/25   SSH   app-default   ALLOW

As admins would lose access to other allowed apps.
The same would apply to users and to ports.
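
The check described in the reply above, sketched as an added example (not part of the thread and not Expedition's own code). The rule dictionary layout, field names, helper names and the ASA sample rules are assumptions; the second sample shows that a group where every rule has application "any", as after an ASA import, still merges.

```python
# Added example; not Expedition code. Rule layout and field names are assumptions.
GUARDED_FIELDS = ("application", "service", "users")

def mixed_any_fields(rules):
    """Guarded fields where some rules say 'any' and others list specific values."""
    mixed = []
    for field in GUARDED_FIELDS:
        is_any = [[v.lower() for v in r[field]] == ["any"] for r in rules]
        if any(is_any) and not all(is_any):
            mixed.append(field)
    return mixed

def merge_sources(rules):
    """Merge rules that differ only in source; refuse on an any/specific mix."""
    mixed = mixed_any_fields(rules)
    if mixed:
        # Keeping the specifics would narrow the 'any' rule; keeping 'any'
        # would widen the specific one. Neither preserves the original policy.
        raise ValueError("not merging: 'any' mixed with specific values in "
                         + ", ".join(mixed))
    first = rules[0]
    for r in rules[1:]:
        for key in first:
            if key not in ("name", "source") and r[key] != first[key]:
                raise ValueError(f"{r['name']} differs from {first['name']} in {key}")
    merged = dict(first)
    merged["name"] = "+".join(r["name"] for r in rules)
    merged["source"] = sorted({s for r in rules for s in r["source"]})
    return merged

def rule(name, source, application, service="app-default"):
    """Build a constructed sample rule; the users field is assumed to be 'any'."""
    return {"name": name, "from": "Trust", "source": [source], "to": "DMZ",
            "destination": ["172.16.0.0/25"], "application": [application],
            "service": [service], "users": ["any"], "action": "allow"}

# RULE1/RULE2 follow the thread's example; the ASA_* pair is constructed to show
# the migrated-from-ASA case where every rule has application 'any'.
THREAD_CASE = [rule("RULE1", "10.0.0.0/24", "ssh"),
               rule("RULE2", "192.168.10.0/24", "any")]
ASA_CASE = [rule("ASA_1", "10.0.0.0/24", "any", "tcp-22"),
            rule("ASA_2", "192.168.10.0/24", "any", "tcp-22")]

if __name__ == "__main__":
    print(mixed_any_fields(THREAD_CASE))
    print(merge_sources(ASA_CASE)["source"])
```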

L2 Linker

Re: Rule merge all results

I am dealing with something similar, we are importing thousands of rules from multiple FWs and need to consolidate/merge rules.  Each 'filter' we apply is returning hundreds of cases.  We need an option that we can select that will simply merge ALL Cases into case specific rules.  The project I am on has over 250 FWs, from different vendors, being merged into a handful of 7000s.  Every two weeks we are migrating 10,000+ rules....we have a lot of it streamlined until we get to rule consolidation...6 or 7 different consolidation filters are spawning thousands of cases per migration.

 

[ ] Merge ALL Cases by Case

IE:

Case 1 (9 rules) 

Case 2 (24 rules)

Case 3 (19 rules)

...

Case 347 (17 rules)

 

= would output 347 individual rules.

L2 Linker

Re: Rule merge all results

My client is also on an older version of Expedition (1.0.105).  Working on getting them to upgrade.  However, is the intent of Consolidating Rules "Merge Selected" to Merge Cases by Case - but only (currently) 10 at a time?

 

Case 1 (9 rules)

Case 2 (16 rules)

....

Case 10 (14 rules)

 

== outputs 10 individual rules???  Cause right now, in our version I think that's broken and we are having to do one case at a time.  This is painful.

L4 Transporter

Re: Rule merge all results

It is now supporting 10 cases (which means more than 10 rules).

 

We will modify the merge behaviour to support multiple merges in the background, as merging security rules implies quite a number of checks and calculations.
