As 9.0 now supports Tag Based Rule Groups instead of the Tag Browser, it would be very nice to have this available in Expedition as well.
Currently the group will be removed if you make changes to the security rules in Expedition and make the API call.
We will open a Jira ticket to add this new feature in the parser for PAN-OS so this information is not lost while passing through Expedition.
I think that tags are currently supported through the import process, so they are not lost during the Expedition management.
Functionality related to the use of group tags, such as visualization, is not implemented, and it is not a high priority for us.
I have just migrated a Cisco config to Panorama - where I had existing rules with "Group Rules By Tag" configured on the rules. After doing an API send call, I get the new rules added - but the "Group Rules By Tag" were cleared from the existing rules.
Thanks for reporting this.
Were you running 1.1.40?
If so, would it be possible to share the configuration with us so we can do some debugging on our side?
Please, contact us at fwmigrate at paloaltonetworks dot com if you could share the config.
It should be fairly easy to recreate the behavior:
All rules will now have their group tags removed.
When viewing the generated API calls, it is obvious that the [group-tag] key is not set and therefore it will be "deleted" when editing the ruleset.
So I guess it is necessary that the group-tag is imported from the Panorama config so it can be set when generating the API calls?
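A check for the behavior reported in this thread, as an added example that is not part of any post and is not Expedition or PAN-OS code: it compares a rulebase exported before the API push with one exported after it and lists the rules whose group-tag was dropped or changed. The XML layout (a `<group-tag>` child on each rule `<entry>` under `security/rules`), the function names and both sample configs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the thread): a rulebase before the push and the
# rulebase as it would look after a push that omits group-tag.
BEFORE = """<rulebase><security><rules>
  <entry name="allow-dns"><group-tag>infra</group-tag><action>allow</action></entry>
  <entry name="allow-ntp"><group-tag>infra</group-tag><action>allow</action></entry>
  <entry name="allow-web"><group-tag>web</group-tag><action>allow</action></entry>
  <entry name="deny-all"><action>deny</action></entry>
</rules></security></rulebase>"""

AFTER = """<rulebase><security><rules>
  <entry name="allow-dns"><action>allow</action></entry>
  <entry name="allow-ntp"><action>allow</action></entry>
  <entry name="allow-web"><group-tag>web</group-tag><action>allow</action></entry>
  <entry name="deny-all"><action>deny</action></entry>
  <entry name="migrated-cisco-1"><action>allow</action></entry>
</rules></security></rulebase>"""


def group_tags(config_xml):
    """Map each security rule name to its group-tag (None when unset)."""
    root = ET.fromstring(config_xml)
    tags = {}
    # Assumed layout: rules live at .../security/rules/entry[@name]
    for entry in root.findall(".//security/rules/entry"):
        value = entry.findtext("group-tag")
        tags[entry.get("name")] = value.strip() if value and value.strip() else None
    return tags


def lost_group_tags(before_xml, after_xml):
    """Return (rule, old_tag, new_tag) for rules whose group-tag was dropped or changed."""
    before, after = group_tags(before_xml), group_tags(after_xml)
    findings = []
    for rule, old_tag in before.items():
        if old_tag is None or rule not in after:
            continue  # nothing to lose, or the rule itself was removed
        if after[rule] != old_tag:
            findings.append((rule, old_tag, after[rule]))
    return findings


if __name__ == "__main__":
    for rule, old, new in lost_group_tags(BEFORE, AFTER):
        print(f"{rule}: group-tag {old!r} -> {new!r}")
```

Running the same comparison on real exports taken before and after a push shows whether rule grouping survived the round trip before anyone relies on the grouped view for review.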