I noticed, that upgrading to 8.x changed the default behavior for cloning policies.
On PAN-OS 7.1 after cloning the policy, the default behavior was to move the new policy after the cloned one.
On PAN-OS 8.x the policy is moved to top by default and you have to choose rule to copy after manually.
That is quite annoying, when editing big policy-bases.
Can anyone confirm this behavior?
Is there a workaround?
While the default setting might have changed, even in PAN-OS 8.0 and 8.1 you still have the option to choose where you place the rule(s) that you are cloning :
PAN-OS 8.0.x seems have 'Move Top' as default but you can easily change it with the drop down box :
PAN-OS 8.1.x :
of course you can do that, but the update "downgraded" the efficiency for editing policies.
Imaging, you have a policy-base with 1000 policies and you want to clone rule #334 and move it to position #335.
Then you need to select the dropdown item and scroll down 300 items - that's quite annyoing, by knowing, that this wasn't an issue with PAN-OS 7.x
I only see the "downgraded" behaviour in PAN-OS 8.1 ... not on 8.0.
For me, in PAN-OS 8.0.x it's still working as before with the rule being cloned just after the one you're cloning (tested on a PA-200 running PAN-OS8.0.7).
If that's the case then you might want to check with TAC if this is expected behaviour in PAN-OS 8.1.x
So the case was opened with us (TAC) and I checked in my VM running 8.1.0.
Apparently no one seems to have noticed that you can type in the dropdown menu, so there is no need to scroll down 300 or 500 policies as was mentioned previously. Just type the name of the policy where the cloned policy should be placed after or before and the dropdown list will be filtered accordingly and only display the policies matching the input.
okay, thanks for the input - that is a good workaround until the issue is patched..
But I think, in comparison to 8.0, you need to click more (greater administrative effort) to reach the same thing.
Besides, I guess cloning a policy directly after the selected rule is the default for 90% of the use-cases and moving a policy to top is more an exception from that.
So why make it complicated and change the behavior from 8.0 to 8.1? Looks like a bug to me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!