cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to update the policy in a project

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Esfeld
L2 Linker
‎10-09-2018 12:18 PM
‎10-09-2018 12:18 PM

How to update the policy in a project

I used expedition to provide me with information.  I manually added rules to the firewall.  When I go back to expedition and re-import the device config, it still shows me all of the same old rules.  I tried re-importing under devices and from within the project.  I also deleted and recreated the project with the same result.  How do I refresh the policy?

0 Likes
Reply
Avanderheyden
L3 Networker
‎10-10-2018 02:43 AM
‎10-10-2018 02:43 AM

Have you gone, outside of a project, to devices -> choose your device -> contents -> "retrieve contents" & save first?

0 Likes
Reply
Esfeld
L2 Linker
‎10-10-2018 11:45 AM
‎10-10-2018 11:45 AM

Yes.  It is Panorama managed, so I retrieved contents on Pano, retrieved devices, and then even retrieved contents on those devices (even though it should be almost nothing).  I then did the import in the project.  Same result.

0 Likes
Reply
Avanderheyden
L3 Networker
‎10-10-2018 03:26 PM
‎10-10-2018 03:26 PM

Then AFAIK you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration. The Panorama pushed policies are not present in the firewalls running-config.xml or candidate config either, so it's logical the expedition tool can't retrieve them either. Vice versa, you will push your changes using API calls to Panorama and from Panorama to the device.

0 Likes
Reply
Esfeld
L2 Linker
‎10-11-2018 08:02 AM
‎10-11-2018 08:02 AM

"you need to base your project on the Panorama config (and import the panorama configuration), not the firewall configuration."

 

This is what I am doing.  I have not had this problem previously.

0 Likes
Reply
alestevez
L7 Applicator
‎10-11-2018 08:50 AM
‎10-11-2018 08:50 AM

Once a config is imported into a project there is no way to re-import the same config into the same project, This is a limitation we have since we are working with IDs and those are assigned at the time to import. So if you want to get the changes from the newest downloaded config from the device you have to

 

UNSET your BASE CONFIG

Then Remove by clicking on the Remove icon from the Left Panel on the name of the Filename xml.

 

After you removed the old config then import again from the Device or upload the XML again.

 

when you try to import a file or device who is already imported Expedition will skip that config...

 

Hope that helps

0 Likes
Reply
Esfeld
L2 Linker
‎10-11-2018 09:11 AM
‎10-11-2018 09:11 AM

I am not sure where I am supposed to do this.

0 Likes
Reply
magates
L2 Linker
‎10-16-2018 08:33 AM
‎10-16-2018 08:33 AM

@Esfeld wrote:

I am not sure where I am supposed to do this.

In your project, on the Export tab.

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks