10-19-2018 06:36 AM
I can import config to expedition, rule enrich, and import the rules/objects into Expedition project normally that works great. I then will use export/api manager to push config to panorama. When I push - I only push Atomic- for security rules and objects- since those are the only items that have changed with the entire config. I make sure to follow the ordering on the left hand side, and push the objects first, and then the security rules. I can successfully push through API manager GUI in expedition to Panorama successfully. Commit on panorama works normally. When I go to push to the FW from Panorama, the commit fails:
"Validation Error:
vsys 1 >rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is not an allowed keyword
vsys->vsys1->rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is an invalid ipv4/v6 address
Error: Failed ot find address 'NEWLYMADEADDRESSHERE'
Error:Unknown address 'NEWLYMADEADDRESSHERE'
Error:Failed to parse secrutiy policy
Commit failed
It's almost like it's not finding the newly created objects on the FW. The weird thing is that I can go and rename the object, commit on panorama and repush to the FW, and then the object on the Local FW is recognized, and the error goes away, and it moves on to the next newly created object that was made through expedition.
I can export the xml config- and import it to panorama, and then mode merge it for objects and security rules, and everything works normally, no commit errors with this at all.
I'm sure I'm missing something here, or commiting wrongly, but I don't know what it is. Does anyone have suggestions/fixes/encountered issues with this before?
10-19-2018 06:50 AM
Thanks for you compliments 🙂
I will try if with the XML and load config partial changes the behaviour !
10-19-2018 06:39 AM
Hi,
I remember a bug related to objects imports by the API and were not shown from Panorama, can you tell us what Panos version do you have in your panorama and fw? thx
10-19-2018 06:48 AM
PanOS 8.0.8 and Panorama 8.1.3
Expedition 1.0.106
spark dep - 0.1.1
Best practices 3.2.0
Do you recommend using the export xml option- importing on panorama and mode merging it as a workaround?
BTW- Props to alestevez---he works hard, solves problems and goes over and beyond for this tool. Thank you for the quick reply
10-19-2018 06:50 AM
Thanks for you compliments 🙂
I will try if with the XML and load config partial changes the behaviour !
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
