01-19-2017 11:18 AM - edited 01-19-2017 11:18 AM
Trying to use the Panorama CLI to edit a template and add a tunnel interface, and also assign it to an existing zone in the same template. Does anyone know the CLI command to do this?
I can add the tunnel interface and assign it to a virtual router like this:
configure edit template myTemplate set config network interface tunnel units tunnel.100 comment myTunnelInterface set config network virtual-router default interface tunnel.100
But I cant find the CLI command to then assign a zone to this tunnel interface on the Panorama CLI. Any ideas?
01-19-2017 05:02 PM
You need to add tunnel.100 to vsys1 before it can be assigned a zone.
set config network interface tunnel units tunnel.100
set config vsys vsys1 import network interface tunnel.100
set config vsys vsys1 zone myZone network layer3 tunnel.100
01-19-2017 02:59 PM - edited 01-19-2017 02:59 PM
It's under the vsys config.
edit template myTemplate
set config vsys vsys1 zone .........
01-19-2017 04:33 PM - edited 01-19-2017 04:34 PM
I tried that, but the options under the vsys command dont include tunnel interfaces - only has layer2, layer3, tap, virtual-wire.
#set config vsys vsys1 zone myZone network + log-setting Log setting for forwarding scan logs + zone-protection-profile Zone protection profile > layer2 Layer2 interfaces > layer3 Layer3 interfaces > tap Tap mode interfaces > virtual-wire Virtual-wire interfaces <Enter> Finish input
Even if i select layer3, i only see loopback, vlan or an option to add a list of values, which also comes back with "invalid reference" if i list my tunnel interface there.
# set config vsys vsys1 zone myZone network layer3 [ Start a list of values. loopback loopback loopback vlan vlan vlan <value> member value
# set config vsys vsys1 zone myZone network layer3 [tunnel.100] Server error : layer3 '[tunnel.100]' is not a valid reference
01-19-2017 05:02 PM
You need to add tunnel.100 to vsys1 before it can be assigned a zone.
set config network interface tunnel units tunnel.100
set config vsys vsys1 import network interface tunnel.100
set config vsys vsys1 zone myZone network layer3 tunnel.100
01-19-2017 05:10 PM
That was it! Thanks a lot for your help!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
