I have a Netscreen firewall with 3 vsys to migrate. I would like to share as many address objects as I can (pereferably all).
After setting all addresses as shared on the output mapping screen I assign all the vsys to the proper device group, and the shared to the shared.
When generate the config, the shared objects still can be seen as 'pending', and in the output some address object is converted and assigned to vsys, but most of the address objects are not in the output at all. Shared services and service groups are converted well.
What can be the problem here?
I will recommend you to move all the objects to the 3 vsys and then when the objects and rules are under a Palo Alto Networks device you can Merge by Name and Value with the Devicegroup/Vsys selected to "all" this will automatically convert all the duplicated objects as shared and the unique ones into their own vsys. If you want as well after merge the duplicated objects (services/address and groups) you can select all the Objects and convert to Shared with the buttons located at the bottom bar under Address and Services and the same under the groups.
Now what is happening probably is there are duplicated address in the shared. Try to follow the produre I have been describing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!