Importing rules into Expedition from a Firewall managed by Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Importing rules into Expedition from a Firewall managed by Panorama

L2 Linker

I'm wanting to do some policy work (app-id migraiton) on a firewalls that is basically 100% managed by Panorama.  Don't want to mess with all others yet.  How do I get the policy set that's managed in Panorama for just one firewall int Expedition?

6 REPLIES 6

L3 Networker

You have a device-group for the single firewall that you are wanting to use Expedition for? If not, you'd want to separate that firewall in Panorama to it's own device-group. Expedition talks to Panorama and learns the devices managed by it, but all changes it would need to make would have to be done via Panorama/device-group/templates.

It is (well the HA pair) in its/their own device group.  So I'd need to connect to Panaram and pull the whole panarama config, but just work on that device group? 

 

I was wondering if Expedition "understood" device groups.

So I'd need to connect to Panaram and pull the whole panarama config, but just work on that device group?  - correct.

 

I was wondering if Expedition "understood" device groups. - it does. You create a project, import Panorama, and the project should inherit the devices Panorama manages...then, when you click on Policies within the project, you should see something like the following in the bottom right corner:

 

panoramadevgroups.PNG

 

The device-groups should all be there and when you select one, you then only see/operate on the policy for that dev group.

Thanks for that info.   OK, on a broader question; is there any documentation yet on actually using Expedition specifically for app-ID adoption on a PA firewall?  I remember doing this in a deep-dive lab at Ignite, but didn't save the lab document (bad me).  I'm trying to pull it out of memory, but just can't remember the steps.  I'm also not finding anything but the user guide, and the admin guide, which are less than helpful.

 

Anyone know of actual step by step help for this?

Dude... you are the man!  lol

  • 9469 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!