This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Easy way to copy a policy from one firewall to another?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Easy way to copy a policy from one firewall to another?

ghughes_itx
L0 Member

‎11-22-2022 11:53 AM

Good afternoon!

 

I have a set of Palo Alto PA-820s and 850s that I'd like to converge their configurations. For instance, have the same whitelist or blacklist policy outlines that I can add or remove websites, countries, and so forth. 

I see I can share policies between virtual routers, but is there an easy or easier way to copy a policy from one firewall to another without redoing the entire configuration?

 

Thanks to all!

 

Gregg

0 Likes Likes
2 REPLIES 2

Metgatz
L4 Transporter

‎11-22-2022 12:14 PM - edited ‎11-22-2022 12:14 PM

Hello @ghughes_itx , well in this case, the flagship product to share configurations, for example, policies, objects, network settings, among others is PANORAMA. But if it is not within the plans to implement, due to licensing issues, costs, operation, etc., then the other possible alternative, is on the one hand to try in both firewalls, to match certain config, for example Zones, Network Segments (if possible), names and / or references of Security Profiles.

 

I would think like this, first standardize and homologate manually, with care, these configs.

 

Then for each change you make, for example take the same command and apply it via CLI on the other firewall, trying to speed up the execution a bit more.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHoCAK

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHoCAK#:~:text=The%20foll....

 

If you check those links there you have the examples at the view level, then when you run a change, you take the base CLI commands and apply it and adjust it on the other firewall.

 

You can copy the config but this is more global, to copy the config, from one firewall to another.

 

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-cli-quick-start/use-the-cli/use-secure-copy-to-...

 

Regards

High Sticker

OtakarKlier
Cyber Elite
Cyber Elite

‎11-22-2022 01:00 PM

Hello,

The other option would be to configure one of the devices with settings and policies you want. Export the XML file, delete everything in the xml except for what you want to transfer to the other. Then import the truncated xml to the other device,

 

Hope this makes sense.

  • 4429 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks