I'm kind of new to PaloAlto firewalls and I am looking for guidance on how to help with a little situation. As part of our migration, we had to create a bunch of security-zones that parallel what is on the system already. It was a cludgy, but functional work around. OK, so what I have now is zones like this:
where "xxxx" is a litterally that string prefixed onto the OLD zones. So now I have my Panorama instance and a couple hundred policies that have to and from zones that I need to shift to the new correct zone. Aside from clicking though each policy and adjusting the settings, is there a way to edit them in bulk?
On my Juniper SRX's I would just use the "replace pattern xxxxCorp with Corp" globally through the config. Can I do something like that in Panorama?
you should just be able to rename the zone itself. the policies reference a pointer, like a number/index, not literally the name itself. the only thing i believe that wouldn't be affected is historical data (i.e. the logs).
if you need both old and new zones in parallel for some reason, I don't know of a search/replace functionality per se, but you can always export the configuration as an xml file, open it up in notepad++ or something like that (xml is just basically text in a format like html in case you didn't know), search/replace and then import it back in. just take the necessary pre-cautions, of course.
OK, good enough. I just exported it and edited externally and reimported. Kind of a pain that there isn't a way to do that in the command line, but i'll take what I can get. Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!