This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Delete Sub-interface

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Delete Sub-interface

MPI-AE
L4 Transporter

‎01-21-2017 02:47 AM

Hey guys,

 

sorry for the silly question, but I have never done this before:

 

I would like to delete a sub-interface.

 

Is there a special order I have to stick to?

 

Delete all policies first where the zone is involved?

Delete the zone first?

Delete the interface first?

 

Or does this not matter?

0 Likes Likes
7 REPLIES 7

TranceforLife
L6 Presenter

‎01-21-2017 04:44 AM

Hi,

 

l think better remove the interface from the zone and then delete the subinterface. Your zone might have more interfaces than the sub-interface.

 

Thx,

Myky

0 Likes Likes

MPI-AE
L4 Transporter
In response to TranceforLife

‎01-21-2017 05:27 AM

Hey,

 

ok, did this!

 

Now my zone has no further interface.

 

But when I want to delete the zone, the firewall says first I have to remove the zone from all policies (security, nat, application override etc.)

 

But this zone is in approximately 100 policies.

 

Do I have to click every policy by hand now and remove the zone?

 

That would be very time-consuming.

 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to MPI-AE

‎01-21-2017 08:28 AM

If you are comfortable with it I would edit out the zone directly in the XML and then load the config without the zone mentioned. The zone needs to be out of all rulebase before you can actually delete it, as you would have references to a zone that doesn't exist.  

TranceforLife
L6 Presenter

‎01-21-2017 01:38 PM

Would be nice to have an option to work/modify multiple objects at one time in the GUI.

0 Likes Likes

santonic
L6 Presenter
In response to TranceforLife

‎01-23-2017 12:06 AM

I agree.

But in this case this wouldn't be really useful. Or it would be risky at least. Because when removing objects (zones, network objects, apps..) from security rules you have to check each rule carefully. Because if the object you are removing is the only one in that field, after removing it the value of that field would become 'any'. So you could make huge holes in your FW policy when automatically removing objects from policies.

 

 

0 Likes Likes

MPI-AE
L4 Transporter
In response to santonic

‎01-23-2017 12:21 AM

didn't consider that yet.

But good point.

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to MPI-AE

‎01-23-2017 07:44 AM

Like @santonic said they're definitively good points in not working with the XML if you don't follow everything closely or know exactly how to incorporate what is being displayed. If this is your first time modifying the XML directly I probably wouldn't do it on something this large. No matter what you do make sure to validate the config before you attempt to commit it and don't use the force method to make it take the commit if it isn't working. 

0 Likes Likes
  • 5370 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks