11-22-2022 11:53 AM
Good afternoon!
I have a set of Palo Alto PA-820s and 850s whose configurations I'd like to converge. For instance, I'd like them to have the same whitelist or blacklist policy outlines where I can add or remove websites, countries, and so forth.
I see I can share policies between virtual routers, but is there an easy or easier way to copy a policy from one firewall to another without redoing the entire configuration?
Thanks to all!
Gregg
11-22-2022 12:14 PM - edited 11-22-2022 12:14 PM
Hello @ghughes_itx, in this case the flagship product for sharing configurations (for example policies, objects and network settings, among others) is PANORAMA. But if implementing it is not in the plans, due to licensing issues, costs, operation, etc., then the other possible alternative is to first try to match certain config on both firewalls, for example Zones, Network Segments (if possible), and names and/or references of Security Profiles.
I would approach it like this: first standardize and homologate these configs manually, with care.
Then, for each change you make, take the same command and apply it via CLI on the other firewall, to speed up the execution a bit more.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHoCAK
If you check those links, you have the examples at the view level; then, when you run a change, you take the base CLI commands and apply and adjust them on the other firewall.
You can copy the config from one firewall to another, but this is more global.
Regards
11-22-2022 01:00 PM
Hello,
The other option would be to configure one of the devices with the settings and policies you want. Export the XML file and delete everything in the XML except for what you want to transfer to the other device. Then import the truncated XML to the other device.
Hope this makes sense.
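The export-and-trim step described in the reply above, sketched as an added example that is not part of the original thread or of Palo Alto's tooling: it keeps only the named subtrees of an exported config and drops everything else, including `mgt-config`. The sample XML is constructed, and the device entry `localhost.localdomain`, `vsys1` and the kept paths are assumptions to adjust to the real export.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an exported firewall configuration.
SAMPLE = """<config>
  <mgt-config><users><entry name="admin"><phash>CONSTRUCTED</phash></entry></users></mgt-config>
  <devices><entry name="localhost.localdomain">
    <network><interface><ethernet><entry name="ethernet1/1"/></ethernet></interface></network>
    <vsys><entry name="vsys1">
      <address><entry name="blocked-host"><ip-netmask>192.0.2.10/32</ip-netmask></entry></address>
      <zone><entry name="untrust"/></zone>
      <rulebase><security><rules>
        <entry name="deny-blocklist"><action>deny</action></entry>
      </rules></security></rulebase>
    </entry></vsys>
  </entry></devices>
</config>"""

# Assumed locations of the parts to transfer (address objects, security rules).
VSYS = "./devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']"
KEEP = [VSYS + "/address", VSYS + "/rulebase/security"]


def prune_config(xml_text, keep_paths):
    """Return the config with every subtree outside keep_paths removed."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    keep_whole = set()    # subtrees copied untouched
    keep_path = {root}    # ancestors needed to reach those subtrees
    for path in keep_paths:
        matches = root.findall(path)
        if not matches:
            # A mistyped path must not silently yield an empty file.
            raise ValueError(f"no element matches {path!r}")
        for node in matches:
            keep_whole.add(node)
            while node in parent:
                node = parent[node]
                keep_path.add(node)

    def strip(node):
        for child in list(node):
            if child in keep_whole:
                continue
            if child in keep_path:
                strip(child)
            else:
                node.remove(child)

    strip(root)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(prune_config(SAMPLE, KEEP))
```

Rules that reference zones, profiles or objects not carried in the trimmed file only resolve if the target firewall already has them under the same names, which is why the earlier reply suggests standardizing those first.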