- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
01-20-2014 12:49 PM
I have a VSYS on my PA-5050 which is no more required and needs to be deleted.
What steps needs to be taken for this?
Is it unassigning all the interfaces in that , deleting all policies etc or do we have a proper step by step thing for this?
Thanks all in advance
Regards
Vaibhav
01-20-2014 10:21 PM
Hello Vaibhav,
There is no specific step you need to follow for the same. Just need to delete the VSYS under Device >> Virtual System and you are correct, it will unassign all the interfaces in that , deleting all policies etc.
Thanks
01-20-2014 10:21 PM
Hello Vaibhav,
There is no specific step you need to follow for the same. Just need to delete the VSYS under Device >> Virtual System and you are correct, it will unassign all the interfaces in that , deleting all policies etc.
Thanks
01-22-2014 04:25 AM
Hello Hulk,
Thanks for the reply.
I was thinking for the same, but would it allow me to delete the VSYS without un assigning the interface. It was the case with Juniper but i am not sure of Palo Alto.
Thanks
Vaibhav
01-22-2014 09:06 PM
Hello Vaibhav,
Once you will delete a VSYS from PAN firewall, It will un-assign the VSYS information from the interface-configuration automatically. As per my knowledge, In case of Juniper SRX firewall, you need to manually un-assign the same settings individually from interfaces.
Hope this helps.
Thanks
02-02-2014 12:58 AM
Thanks Hulk.
I am going to try this thing now.
10-11-2017 02:03 AM
I want to share my experience deleting a vsys, because i just did so this morning:
My PAN-OS-Version is 7.1.12 and I deleted one of my three vsys.
First, I followd the instruction mentioned in the above posts - just deleting the vsys. After deleting the vsys - there were no errors - I commited the changes. This commit failed because of configured Ipsec-Tunnels and GP-Gateways.
I had to revert to running-config, because the Information about GP-Gateways seemd to be lost.
After revert to running-config - which restored the original config with the vsys deleted before - I first removed all IPSec-tunnels, GP-Gateways and Tunnel-Interfaces which were referenced by those IPsec-tunnels an GP-Gateways.
After that I deleted the vsys, followed by a commit. this time the commit was compelted without any errors.
After that I saw that the virtual-router-instance of the vsys I just deleted, was not deleted. So I removed it manually.
Also, the Interfaces used in the vsys which I deleted, needed some manual intervention. I used some sub-interfaces, in this vsys, so I delted them. Physical Interfaces which were used in this vsys had IP-Address-Config, so I removed them also.
After that everthing seems to be removed.
Maybe this information is useful for someone.
Greetings,
Alex.
01-30-2023 11:04 PM
After deleting unused vsys (vsys3) we are receiving failed commits to device, the vsys has been removed and the device removed from the device group however the local device is still showing configuration that should have been removed - policy, interfaces and vr.
Please suggest what i should do
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!