12-20-2023 07:20 AM
HI, I am bringing in a Palo config from a live firewall (merged-config) so that I can do a bulk update to all firewall rules, but when I look at the policy it has added in a Hip Profile (any). We don't use Hip so is there a way I can stop expo from adding this in, as it makes it very difficult to do a diff check on the rules updated from with the bulk update.
So can I stop EXPO from adding in a Hip Profile to the rules in my imported config that don't have it?
Thanks
Jon
12-20-2023 07:43 AM
Hi @JHALL3
Thanks for reaching out.
Expedition is adding by default the "any" hip-profiles for PANOS < 10 or the "any" source-hip for PANOS > 10.
If your issue is comparing the original config with the one generated by Expedition you can remove the chain "<hip-profiles><member>any</member></hip-profiles>" using a text editor from the exported file.
Please let me know if you have any other question,
Best regards,
David
12-21-2023 03:43 AM
Hi @dpuigdomenec I guess I could do that, but is there no way I can just stop Expo from adding it in the first place?
12-21-2023 09:42 AM
Hi @JHALL3
I'm sorry but the engine to generate the output is not customisable and the hip-profiles or source-hip tag is added by design.
Let me know if I can help you in anything else,
David
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
