I originally posted this as an "Idea" instead of a discussion, but I couldn't find it anywhere after I posted it. Anyways....
Here are a few things I've noticed in the v3 tool that could be improved:
- When you combine multiple rules, the new combined rule will be in the position of the FIRST RULE THAT YOU SELECT. Not necessarily the first rule in your selected list.
- My policy has rules (in order) A, B, C, D, and I want to combine rules A, B, and D
- Click to select rule A first, then Ctrl+click B and then Ctrl+click D
- The new rule order will be a combined A-B-D rule, then the C rule
- Click to select rule D first, then Ctrl+click B and then Ctrl+click A
- The new rule order will be C, then a combined A-B-D rule
- The consolidation tool is awesome, but it would be nice if it kept track of which "case" you were working on in some way. It's not easy when you're working on "Case 13" for example, finish the consolidation work, then have to scroll down in the case list again and remember that you're now on Case 14.
- You can't filter on the "any" criteria using the Policy Filter. For example, there doesn't seem to be a way to show all rules where the source zone is "any".
I also would like to report some bugs / areas of improvement:
- Proxy Settings: Cannot save username in format domain\username. The backslash \ is removed and the proxy connection does not work.
- When you import a Panorama config file, the different device groups are listed in the vsys column. Since the vsys column cannot be width adjusted, you cannot read / destinguish the device group names in case they all start with the same charactes, e.g. a prefix like DG-...
- Unused objects: There are green / red dots. I found no possibility to filter for the red dots only / export the list of unused address / service objects.
- It doesn't seem possible to delete Address Groups or Service Groups. I can select them and use the delete button in the bottom right of the toolbar, but they are not removed.
EDIT: Correction, this IS possible to do. You first have to make it recalculate used/unused objects. Only objects with the red dot ("unused") can be deleted.
Albert, thanks for fixing the issue with the consolidation tool. And excellent job creating this v3 tool. I'll be using it heavily over the next few months and I'm psyched you guys did such a great job with it.
Here are a few more issues I've found. If there's a different way you'd prefer I report these, please let me know.
1) When creating a destination NAT rule, typing in the address object name or IP does not perform a search of existing objects. The user needs to manually scroll through the entire list of address objects to find their choice.
2) When creating a tag, a description value above a certain char count (not sure how many, but my attempt was probably around 30 chars) causes the tag not to be created at all once the user clicks the Update button.
3) On the NAT policy screen, the clone button in the toolbar does not function / respond to user input.
Im not sure if I had understood the point number 2, but if you want to add a Tag to a Nat Rule, you have first to create the tag from the "objects" -> "tags" and then from the Nat rule assign that Tag and then click on Upgrade. Is this answering your question?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!