04-14-2021 09:31 PM - edited 04-14-2021 09:33 PM
I’m planning to create multi vsys on my palo alto. I just wanted to know if my existing configuration (interfaces, aggregate interfaces and rulebase) will be moved as it is to vsys1 or they need to be mived manually?
I have aggregate interfaces layer 2 in my environment so I need to assign vlan interfaces to vsys and keep parent port in no vsys or an admin vsys. Will that work?
04-15-2021 04:29 AM
I checked and my assumption about rulebase and configuration part was correct. Everything is under same vsys i.e vsys1.
But i’m not sure about assigning aggregate interface with no Vsys, as Every interface needs vsys configuration.
04-15-2021 04:14 PM
So everything you already have configured is technically already in vsys1 outside of shared objects, so nothing really "moves" when you enable multi-vsys as it's already present in the default vsys1. So every interface you have configured, including your aggregate, is already technically in vsys1.
Your aggregate interface needs to be assigned to a vsys and can't be left unassigned. I've never honestly tried having the VLANs split out between vsys coming across an AE assigned to another vsys, but I would guess that this would be an invalid configuration.
04-15-2021 06:16 PM
Yes the first part is correct. I already tried it 🙂
For the aggregate interface, what I did is removed the agg interface itself from under vsys and kept it’s vlan interfaces in required vsys. I was able to do that but I couldn’t test if the setup was working. Will check and confirm.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!