
Lost Multi-Vsys policies after optimization within expedition

Hi Community,

 

I currently have an interesting case:

Existing PA5250 with 6 vsys instances, and I want to clean up a few unused objects, do multi-tagging and so on.

After doing the optimization and generating output, I've lost all policies - I was lucky to check the config before importing.

I thought maybe a few changes were too much, so I created a new project and only imported and exported the config - same behavior.

My 5 MB input XML is shrunk to 2,5M optimized - losing all policies.

Does anyone have an idea whether multi-vsys is supported with Expedition, or what might be going wrong?

Newest Expedition, 1.1.87, in use

 

Best Regards

Chacko


@Chacko42 ,

 

Expedition does support multi-vsys configurations. If it does not work for you, please open a TAC case and upload your firewall configuration there, and please send an email to fwmigrate@paloaltonetworks.com to inform us about the case#.

 

 

Hi @lychiang,

 

just to verify: I can import a multi-vsys config, go to objects, click on remove all unused and then go to export and click on generate config.

Is that the supposed way to do that or am I missing a step?

 

Best Regards

Chacko


Hi @Chacko42 ,

 

That's the correct procedure. After you have removed the unused objects, go to Export and make sure the base file name matches the PAN-OS configuration file you imported, then click on "Generate XML & SetOutput". You can then download the XML or download the zip file. In the zip file there is a file named MT-*-pretty.xml; that XML file will be more readable for you, and it has the same contents as the XML file you download directly.

 


Alright, so the procedure is the same as with single-vsys.

TAC case is created: #01662682

Best Regards
Chacko

@Chacko42 I am not seeing any configuration file attached to the case. Can you please upload your running configuration to the case?

Please find the uploaded running config in the case files

Best Regards
Chacko

@Chacko42 I verified your configuration. I did not see any policy missing after exporting the configuration. You can try exporting the config from Expedition, creating a new project, importing the exported configuration, and checking whether you see the security policies.
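The pre-import check mentioned at the start of this thread can be scripted. This is an added example, not part of the original posts and not Expedition code: it lists rules present in the original export but absent from the optimized one, per vsys and rulebase type. It assumes the firewall layout `config/devices/entry/vsys/entry/rulebase/<type>/rules/entry`; the two sample configs are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): two vsys, trimmed to the rulebase.
ORIGINAL = """<config><devices><entry name="localhost.localdomain"><vsys>
<entry name="vsys1"><rulebase>
  <security><rules><entry name="allow-dns"/><entry name="deny-all"/></rules></security>
  <nat><rules><entry name="outbound-nat"/></rules></nat>
</rulebase></entry>
<entry name="vsys2"><rulebase>
  <security><rules><entry name="allow-web"/></rules></security>
</rulebase></entry>
</vsys></entry></devices></config>"""

# Constructed "optimized" output: one vsys1 rule and the whole vsys2 rulebase are gone.
EXPORTED = """<config><devices><entry name="localhost.localdomain"><vsys>
<entry name="vsys1"><rulebase>
  <security><rules><entry name="allow-dns"/></rules></security>
  <nat><rules><entry name="outbound-nat"/></rules></nat>
</rulebase></entry>
<entry name="vsys2"/>
</vsys></entry></devices></config>"""


def rule_names(xml_text):
    """Map (vsys name, rulebase type) -> set of rule names in that rulebase."""
    root = ET.fromstring(xml_text)
    rules = {}
    for vsys in root.findall("./devices/entry/vsys/entry"):
        for rulebase in vsys.findall("./rulebase/*"):
            names = {e.get("name") for e in rulebase.findall("./rules/entry")}
            rules[(vsys.get("name"), rulebase.tag)] = names
    return rules


def missing_rules(original_xml, exported_xml):
    """Return {(vsys, rulebase type): [rule names]} for rules lost in the export."""
    before, after = rule_names(original_xml), rule_names(exported_xml)
    lost = {}
    for key, names in before.items():
        gone = names - after.get(key, set())
        if gone:
            lost[key] = sorted(gone)
    return lost


if __name__ == "__main__":
    for (vsys, kind), names in sorted(missing_rules(ORIGINAL, EXPORTED).items()):
        print(f"{vsys}/{kind}: missing {', '.join(names)}")
```

For real files, pass the contents of the running-config export and the generated XML to `missing_rules`; an empty result means every rule name in the original is still present in the same vsys and rulebase.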
