How to update the policy in a project

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to update the policy in a project

L2 Linker

I used expedition to provide me with information.  I manually added rules to the firewall.  When I go back to expedition and re-import the device config, it still shows me all of the same old rules.  I tried re-importing under devices and from within the project.  I also deleted and recreated the project with the same result.  How do I refresh the policy?

7 REPLIES 7

L3 Networker

Have you gone, outside of a project, to devices -> choose your device -> contents -> "retrieve contents" & save first?

Yes.  It is Panorama managed, so I retrieved contents on Pano, retrieved devices, and then even retrieved contents on those devices (even though it should be almost nothing).  I then did the import in the project.  Same result.

Then AFAIK you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration. The Panorama pushed policies are not present in the firewalls running-config.xml or candidate config either, so it's logical the expedition tool can't retrieve them either. Vice versa, you will push your changes using API calls to Panorama and from Panorama to the device.

"you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration."

 

This is what I am doing.  I have not had this problem previously.

Once a config is imported into a project there is no way to re-import the same config into the same project, This is a limitation we have since we are working with IDs and those are assigned at the time to import. So if you want to get the changes from the newest downloaded config from the device you have to

 

UNSET your BASE CONFIG

Then Remove by clicking on the Remove icon from the Left Panel on the name of the Filename xml.

 

After you removed the old config then import again from the Device or upload the XML again.

 

when you try to import a file or device who is already imported Expedition will skip that config...

 

Hope that helps

I am not sure where I am supposed to do this.


@Esfeld wrote:

I am not sure where I am supposed to do this.


In your project, on the Export tab.

  • 7185 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!