11-30-2020 06:05 AM
Hi Community,
I currently got a interesting case:
Existing PA5250 with 6 vsys instances and I want to cleanup a few unused objects, do multi-tagging and so on.
After doing the optimization and after generating output, I've lost all policies - I was lucky, to check the config before importing.
I thougt, maybe a few changes where to much, so I created a new project and only imported and exported the config - same behavior.
My input xml with 5 MB is shrunk to 2,5M optimized - with loosing all policies.
Does anyone have an idea, if multi-vsys is supported with expedition or what might get wrong?
Newest expedition with 1.1.87 in use
Best Regards
Chacko
11-30-2020 09:56 AM
Expedition do supports multi-vsys configuration, if it does not work for you, please open a TAC case and upload your firewall configuration there, please send an email to fwmigrate@paloaltonetworks.com to inform us about the case#.
11-30-2020 11:28 PM
Hi @lychiang,
just to verify: I can import a multi-vsys config, go to objects, click on remove all unused and then go to export and click on generate config.
Is that the supposed way to do that or am I missing a step?
Best Regards
Chacko
12-01-2020 09:19 AM
Hi @Chacko42 ,
That's the correct step, after you removed the unused objects and you will go to export, make sure the base file name matched the PAN-OS configuration file you imported, then click on "Generate XML & SetOutput", you can then download the xml or download the zip file , in the zip file, there is a file named MT-*-pretty.xml, that xml file will be more readable for you, it is the same contents if you just download the xml file.
12-01-2020 10:19 AM
Alright, so the procedure is the same as with single-vsys.
TAC case is created: #01662682
12-01-2020 10:31 AM
@Chacko42 I am not seeing any configuration file attached to the case, can you please upload your running configuration to the case.
12-01-2020 10:33 AM
Please find the uploaded running config in the case files
12-01-2020 11:38 AM
@Chacko42 I verified your configuration,I did not see any policy was missing after export the configuration, you can try export the config from the expedition and create a new project and import the exported configuration and see if you seeing the security policies.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
