What are "Ghost" address objects

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

What are "Ghost" address objects

L1 Bithead

What is Expeditions definition of "Ghost" objects?

aemr
4 REPLIES 4

L3 Networker

I would guess something like an Address Group that is missing its host objects.

We use that term when you import a configuration from a firewall who has some objects added by a panorama. When we read the config from the firewall could refer to an object and that object is not defined on that configuration because was injected by panorama, in Expedition those objects seen in the config but not defined are called "Ghosts"

I've seen ghost addresses from config imported from ASA. I guess in this case it's objects that weren't defined as objects on ASA and were just used as network addresses?

 

A ghost object is that object in Expedition that does not get converted into an object in the final PANOS configuration.

Based on this, we can find two type pf ghost objects:

 

- The configuration is from a FW that will use objects inherited from a Panorama. Even the config can use those objects, those are not defined in the FW, therefore we call them ghosts.

- The configuration is using some explicit IPs in security rules, Nats, etc, that will not consume an object in the final PANOS Configuration, but you can still see them in the "address" table in Expedition. Those objects will be explicitly defined in the security rule and do not refer to PANOS address objects. This applies as well to services.

  • 6186 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!