Netscreen IP Wildcard Translation

Reply
L0 Member

Netscreen IP Wildcard Translation

I'm just beginning my migration from Netscreen to PaloAlto and one thing I keep running into is the MT translating wildcard masks like below:

 

set address "CorpNet" "0100-199_SVRS" 10.81.0.1 255.255.128.255 " 100 - 199 Servers"

 

into decimal subnet masks like below. Which the Palo doesn't like when I paste it in.

 

set address 0100-199_SVRS ip-netmask 10.81.0.1/17.011270939678
set address 0100-199_SVRS description "100 - 199 Servers"

 Why is this happening ?

L7 Applicator

Re: Netscreen IP Wildcard Translation

Hi,

 

We dont support wildcards sorry. Those wildcards masks can ended up with being hundreds of networks. We tried once to add support to convert those wildcards into networks but the amount of networks created were way to big and we deciced to remove that from the MT. Sorry you will have to manually convert into regular networks and replace it in your config... Sorry

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!