I have a VSYS on my PA-5050 which is no more required and needs to be deleted.
What steps needs to be taken for this?
Is it unassigning all the interfaces in that , deleting all policies etc or do we have a proper step by step thing for this?
Thanks all in advance
Solved! Go to Solution.
Thanks for the reply.
I was thinking for the same, but would it allow me to delete the VSYS without un assigning the interface. It was the case with Juniper but i am not sure of Palo Alto.
Once you will delete a VSYS from PAN firewall, It will un-assign the VSYS information from the interface-configuration automatically. As per my knowledge, In case of Juniper SRX firewall, you need to manually un-assign the same settings individually from interfaces.
Hope this helps.
I want to share my experience deleting a vsys, because i just did so this morning:
My PAN-OS-Version is 7.1.12 and I deleted one of my three vsys.
First, I followd the instruction mentioned in the above posts - just deleting the vsys. After deleting the vsys - there were no errors - I commited the changes. This commit failed because of configured Ipsec-Tunnels and GP-Gateways.
I had to revert to running-config, because the Information about GP-Gateways seemd to be lost.
After revert to running-config - which restored the original config with the vsys deleted before - I first removed all IPSec-tunnels, GP-Gateways and Tunnel-Interfaces which were referenced by those IPsec-tunnels an GP-Gateways.
After that I deleted the vsys, followed by a commit. this time the commit was compelted without any errors.
After that I saw that the virtual-router-instance of the vsys I just deleted, was not deleted. So I removed it manually.
Also, the Interfaces used in the vsys which I deleted, needed some manual intervention. I used some sub-interfaces, in this vsys, so I delted them. Physical Interfaces which were used in this vsys had IP-Address-Config, so I removed them also.
After that everthing seems to be removed.
Maybe this information is useful for someone.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!