Log Forwarding to Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Log Forwarding to Panorama

L2 Linker

Hi, 

 

I am using expedition tool to migrate the configuration from Cisco FWSM to Panorama. While reading the documents for "Log forwarding to Panorama", i understand that we need to select a security rule and set the log forwarding profile in order to receive the logs in Panorama.  I have thousands of security rules which are being migrated and hence assigning forwarding profiles to individual security rules will consume a lot of time.  Is there a way in which we can assign a log forwarding profile of an entire policy set to Panorama?

1 accepted solution

Accepted Solutions

to use the multi edit option you need to select the policies you want to edit. 

 

You can expand the default view of 50 policies to 500 for example, and select 500, if you do not want to make changes in 50 count batches.

View solution in original post

6 REPLIES 6

L5 Sessionator

You can follow these steps to apply changes to multiple policies - including adding a log forwarding profile.

 

1) if not already present you must create a LogForward profile: OBJECTS --> OTHER --> LogForward

 

you can use the snippet below to create a profile

 

<entry name="panorama">

          <match-list>

            <entry name="pan-1">

              <log-type>traffic</log-type>

              <filter>All Logs</filter>

              <send-to-panorama>yes</send-to-panorama>

            </entry>

          </match-list>

        </entry>

 

2) use the multi-edit option for the policies to select the policies you want to apply the log fowarding profile to

 

 

 

Hi,

 

Thanks a lot for your response. If i use the multi-edit option, is there a way to apply the log forwarding profile for all rules? Or do i need to select , let's say 20 rules at a time and apply the log forwarding profile?

to use the multi edit option you need to select the policies you want to edit. 

 

You can expand the default view of 50 policies to 500 for example, and select 500, if you do not want to make changes in 50 count batches.

Hi sjanita

 

Thanks a lot for your response. I will do that. 

Hi there,

We migrated ASA policy security rules to PA firewall, and now we want to amend these policies rules to add both log forwarding profile or Security profiles.

 

So, if I connect the FW to Expedition tool (or simply upload FW XM config into Expedition), ingest policies, multi-rule edit, then API push the rules back to the FW, will the new amended policy rules override the current existing rule when I use API (load partial config) or crate duplicated ones ?

 

thanks

@AK74 Yes, it will overwrite whatever you have on firewall , you can  either push the modified rules back to firewall via API calls or use load config partial in replace mode. 

  • 1 accepted solution
  • 6997 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!