01-28-2019 10:57 PM
Hi,
I am using expedition tool to migrate the configuration from Cisco FWSM to Panorama. While reading the documents for "Log forwarding to Panorama", i understand that we need to select a security rule and set the log forwarding profile in order to receive the logs in Panorama. I have thousands of security rules which are being migrated and hence assigning forwarding profiles to individual security rules will consume a lot of time. Is there a way in which we can assign a log forwarding profile of an entire policy set to Panorama?
01-30-2019 01:16 AM
to use the multi edit option you need to select the policies you want to edit.
You can expand the default view of 50 policies to 500 for example, and select 500, if you do not want to make changes in 50 count batches.
01-29-2019 01:06 PM
You can follow these steps to apply changes to multiple policies - including adding a log forwarding profile.
1) if not already present you must create a LogForward profile: OBJECTS --> OTHER --> LogForward
you can use the snippet below to create a profile
<entry name="panorama">
<match-list>
<entry name="pan-1">
<log-type>traffic</log-type>
<filter>All Logs</filter>
<send-to-panorama>yes</send-to-panorama>
</entry>
</match-list>
</entry>
2) use the multi-edit option for the policies to select the policies you want to apply the log fowarding profile to
01-29-2019 10:06 PM
Hi,
Thanks a lot for your response. If i use the multi-edit option, is there a way to apply the log forwarding profile for all rules? Or do i need to select , let's say 20 rules at a time and apply the log forwarding profile?
01-30-2019 01:16 AM
to use the multi edit option you need to select the policies you want to edit.
You can expand the default view of 50 policies to 500 for example, and select 500, if you do not want to make changes in 50 count batches.
09-26-2022 05:32 AM
Hi there,
We migrated ASA policy security rules to PA firewall, and now we want to amend these policies rules to add both log forwarding profile or Security profiles.
So, if I connect the FW to Expedition tool (or simply upload FW XM config into Expedition), ingest policies, multi-rule edit, then API push the rules back to the FW, will the new amended policy rules override the current existing rule when I use API (load partial config) or crate duplicated ones ?
thanks
09-26-2022 08:36 AM
@AK74 Yes, it will overwrite whatever you have on firewall , you can either push the modified rules back to firewall via API calls or use load config partial in replace mode.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
