One of our customer is Migrating all the vlans which are currently on PA 3020 ( Acting as L3) to another firewall in their DC PA 3060 .
There are around 15 vlans which are directly connected networks on PA 3020 . So we will be extending those vlans to DC and make the subinterfaces on DC PA 3060 / Shut down the subinterfaces on PA 3020 and make them up in 3060 .
Both these firewalls are managed through Panorama . Both are in different device groups .
Is it recommened to migrate the policy from one DG to another ?? Because in what order they will be copied ? will they be copied all on the top or at the bottom ; or shall we go to add the security policies manually ??
When you select any rule or object to move or clone to destination device group, there are few options as given below -
Move top (default) - Policy will be at the top of all the rules
Move Bottom - Policy will come at bottom of all other policies
Before Rule - In the adjacent drop-down, select the rule that comes after the Selected Rules
After Rule - In the adjacent drop-down, select the rule that comes before the Selected Rules.
Also please make sure the objects that are getting copied are part of destination device group. If it is not then it will throw error.
Hope it helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!