03-26-2021 10:00 AM
I want to reuse a pre ruleset because all firewalls of a type get these firewall rules. The issue is the inside interfaces are different zone names. What's the best way to handle that situation while using the "no any zone" best practice? I am already overriding an object-group to specify these zones' networks. We cannot override the zones of a policy rule unfortunately.
03-26-2021 10:10 AM
I'm not sure if I read you correctly, but I just clone the policy, change the zone information as required and only have the intended firewall ticked in the target window.
03-26-2021 10:16 AM
Hi MickBall, I thought about that too, but when a rule changes across the board you now have to update that change across your fleet. That is hard to do if all your rule sets are technically now separate. 😞
03-26-2021 10:17 AM
I wish there was a way to override the zones. 😕
03-26-2021 10:20 AM
The only place that is consistent for the zones is using the outside interface as a reference point. That isn't using Palo Alto best practice of using "no any" for zone.
03-26-2021 10:24 AM
If you think that's likely to happen often then you may be best to add all the same zones to all the firewalls. You don't have to have them used anywhere, just exist. Then you can have one policy for all and sleep most of the day....
03-26-2021 10:27 AM
Yeah, that was my next guess. I will have to pick out the most common amongst all the firewalls and add them. Thanks!