- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-17-2025 09:28 AM
Need some help, running expedition 1.2.102. I have a standalone firewall through an acquisition that i have modified in expedition to merge into a specific device group in our panorama. Yes i know that i can just import any PA firewall into panorama but i only want specific components. Yes i know about doing a load partial but i dont want to spend days trying to figure out the xpath mappings. i remember being able to push each xpath from expedition so that is where i am stuck. On the API Output Manager when i generate API Requests i can only see Xpaths into the panorama and none into the specific device group. I have tried filtering per device group but then the windows goes blank.
01-17-2025 12:24 PM - edited 01-17-2025 12:24 PM
@PktBlocker few things to check:
1. make sure the device group has been created in the panorama base file before you import into expedition.
2. when you merge the config, you drag and drop the objects from left side to the device group folder on the right side.
01-17-2025 12:36 PM
HI @lychiang , yes the device group that i want to merge into is already present in the panorama but here is where the confusion comes in. Usually with other vendor firewalls the left pane is where the firewall config is and the right pane is where the panorama or base config is. Its flipped in this scenario.
.
01-20-2025 05:34 AM
Hi @PktBlocker
By default Expedition takes as base configuration (left panel) the first PaloAlto configuration you import.
Besides this behaviour you can change the base configuration (left panel) at any time by doing below:
1) Click on the red button "Unset Base Configuration".
2) All PaloAlto configuration will be showed at the right panel.
3) Select the one you want to set as base configuration and click on the blue button "Set Base Config".
Let us know if that works for you,
Best,
01-24-2025 03:14 PM
Ok i managed to get it the API push to panorama working. I forgot to click on set base config but once i got everything moved over to the proper device group i just clicked on merge and then moved to api pushing. Given we have over 200 firewalls its seems to be a bit buggy when you are trying to find the device group and template items to push to. Any consequences in forgetting to click on set base config? In your instructions above i would put click on the base configuration as step 1, took me a few minutes to figure out why unset was not doing anything. 😄
01-27-2025 12:39 AM
Hi @PktBlocker thanks for the update.
If you can see your new FW objects and rules into the API manager then it's fine.
Best!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!