This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Shared rulebase to vsys

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Shared rulebase to vsys

sidetrack
L2 Linker

‎04-03-2019 05:24 AM

I have ended up in a bit of an odd situation with an undesirable result 😕

 

In the process of importing CSV's from an unsupported source, I have ended up importing an entire rulebase into the "shared" VSYS of a standalone base firewall config. This might be OK for objects, or a rulebase in Panorama, but not a valid config for a standalone device.

 

To make matters worse, I have augmented the policy with a ton of new rules from a design document - mostly manual work. Many hours have gone into this and it's now ready to export to the target gateway.

 

Only one thing - there is no shared policy in the export (I guess because it's not a valid thing).

 

The policy can still be editied in config.xml -> shared, all I need is to move the rules to vsys1 or get them in the exported xml. I don't have time to build this rulebase again.

 

Help me @alestevez, you're my only hope!

 

0 Likes Likes
10 REPLIES 10

sjanita
L5 Sessionator
In response to sidetrack

‎04-04-2019 02:15 AM

what you can do is reimport the security policies but choose 'vsys 1' as your target. 

 

If you see those security policies in vsys 1, Then go back into the configuration and delete the rules listed in 'Shared'

0 Likes Likes

sidetrack
L2 Linker
In response to sjanita

‎04-04-2019 02:53 AM

I was trying to avoid that 🙂

 

A good chunk of my rules were hand-rolled in Expedition, stupidly evolving this unusable policy.

 

I need a way to export these orphaned shared rules, if there  was a way to move them from shared to vsys1. We can do the reverse (convert a rule in vsys1 to shared) but not the other way around.

0 Likes Likes

sjanita
L5 Sessionator
In response to sidetrack

‎04-04-2019 03:10 AM

Looking into it, will get back to you in a few mins

0 Likes Likes

sjanita
L5 Sessionator
In response to sjanita

‎04-04-2019 03:57 AM - edited ‎04-04-2019 04:28 AM

here's one option you can try:

 

Filter the display to display only the 'Shared' policies (bottom right hand selection choose 'Shared')

Choose 'Export to Excel' in the upper right hand corner menu

After opening in excel, save the file to CSV format and reimport (using the import CSV option) into vsys1

 

You will need to edit the CSV file and replace the commas with semi-colons which are the separators used by the CSV import

 

This will include any changes you had made to those security policies. You will also have to perform those same steps to any objects (Address, groups, services groups) that were moved into shared.

0 Likes Likes

sidetrack
L2 Linker
In response to sjanita

‎04-04-2019 04:40 AM

Thanks for the tip sjanita!

 

Looks like this is my only option, although the individual cells have carriage returns for multiple entries. I'm sure with a bit of NP++-fu I can whip this into shape 🙂

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks