Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Delete VSYS configuration

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Delete VSYS configuration

Not applicable

I have a VSYS on my PA-5050 which is no more required and needs to be deleted.

What steps needs to be taken for this?

Is it unassigning all the interfaces in that , deleting all policies etc or do we have a proper step by step thing for this?

Thanks all in advance

Regards

Vaibhav

1 accepted solution

Accepted Solutions

L7 Applicator

Hello Vaibhav,

There is no specific step you need to follow for the same. Just need to delete the VSYS under Device >> Virtual System and you are correct, it will unassign all the interfaces in that , deleting all policies etc.

Thanks

View solution in original post

6 REPLIES 6

L7 Applicator

Hello Vaibhav,

There is no specific step you need to follow for the same. Just need to delete the VSYS under Device >> Virtual System and you are correct, it will unassign all the interfaces in that , deleting all policies etc.

Thanks

Hello Hulk,

Thanks for the reply.

I was thinking for the same, but would it allow me to delete the VSYS without un assigning the interface. It was the case with Juniper but i am not sure of Palo Alto.

Thanks

Vaibhav

Hello Vaibhav,

Once you will delete a VSYS from PAN firewall, It will un-assign the VSYS information from the interface-configuration automatically. As per my knowledge, In case of Juniper SRX firewall, you need to manually un-assign the same settings individually from interfaces.

Hope this helps.

Thanks

Thanks Hulk.

I am going to try this thing now.

I want to share my experience deleting a vsys, because i just did so this morning:

My PAN-OS-Version is 7.1.12 and I deleted one of my three vsys.

First, I followd the instruction mentioned in the above posts - just deleting the vsys. After deleting the vsys - there were no errors - I commited the changes. This commit failed because of configured Ipsec-Tunnels and GP-Gateways.

 

I had to revert to running-config, because the Information about GP-Gateways seemd to be lost.

After revert to running-config - which restored the original config with the vsys deleted before - I first removed all IPSec-tunnels, GP-Gateways and Tunnel-Interfaces which were referenced by those IPsec-tunnels an GP-Gateways.

After that I deleted the vsys, followed by a commit. this time the commit was compelted without any errors.

After that I saw that the virtual-router-instance of the vsys I just deleted, was not deleted. So I removed it manually.

Also, the Interfaces used in the vsys which I deleted, needed some manual intervention. I used some sub-interfaces, in this vsys, so I delted them. Physical Interfaces which were used in this vsys had IP-Address-Config, so I removed them also.

After that everthing seems to be removed.

 

Maybe this information is useful for someone.

Greetings,

Alex.

L2 Linker

After deleting unused vsys (vsys3) we are receiving failed commits to device, the vsys has been removed and the device removed from the device group however the local device is still showing configuration that should have been removed - policy, interfaces and vr.

 

Please suggest what i should do

 

 

  • 1 accepted solution
  • 11145 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!