Port Move - Using Panorama Templates

L1 Bithead

Hi Folks,

I need to do a port move on a 3220 - RJ45 to an SFP port - part of an ISP upgrade. Everything else remains the same.

The trouble I have is that all the config is managed from a Panorama Device group. I don't know of a way of editing the various dependencies in the GUI (static routes, GP gateways, tunnels, etc.) - so I am considering XML surgery.

While I can download the Panorama XML and do a careful find/replace Ethernet1/9 for Ethernet1/20 for instance, this is not my preferred method, given its potential for typos and the XML file covers config for many firewalls, not just the one in question. I am trying to avoid the situation of editing XML under the pressure of the business's main WAN link being down.

Does anyone have a better solution for this type of activity? We have various static routes, tunnels, GP gateways etc. tied to this interface, so they all need to update together.


Accepted Solutions
Cyber Elite

@GN_ROS,

Honestly modifying the XML file is really easy; it would obviously be easier doing it directly on the firewall outside of Panorama, but the XML is pretty easy to read if you just need to do an interface change.



All Replies
L4 Transporter

Hi @GN_ROS,

You can also use "set cli config-output-format set" under the Panorama (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClHoCAK).

After that just show the template assigned on the device in question.

Piping the output to "match eth1/9" you should receive the commands that this interface is referring to.

Copy the relevant lines, edit them in a text editor to use the new interface and just paste the edited commands to the Panorama.

Modified set commands should simply replace the current entries (static route, GP, peers etc. everything is referred with name and can have only one interface). You probably will need to put the commands in the proper order and of course manually remove the IP address from the old interface (Panorama will give you an error if you try to put the same IP on both interfaces).
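Added example, not part of the thread or any Palo Alto tooling: a Python sketch of the filter-and-edit step described above, limited to one template and matching the interface as a whole token so that `ethernet1/90` is left alone while subinterfaces such as `ethernet1/9.100` move with the port. The template names, the sample lines (which only approximate set-format output) and the function name `move_interface` are assumptions; review the output before pasting anything into Panorama.

```python
import re

# Constructed sample lines that approximate Panorama set-format output.
SAMPLE = """\
set template Branch-A config network interface ethernet ethernet1/9 layer3 ip 203.0.113.2/30
set template Branch-A config network interface ethernet ethernet1/90 layer3 ip 198.51.100.1/24
set template Branch-A config network virtual-router default routing-table ip static-route isp interface ethernet1/9
set template Branch-A config network tunnel global-protect-gateway gw1 local-address interface ethernet1/9
set template Branch-A config network interface ethernet ethernet1/9 layer3 units ethernet1/9.100 tag 100
set template Branch-B config network virtual-router default routing-table ip static-route isp interface ethernet1/9
""".splitlines()


def move_interface(lines, template, old, new):
    """Return (rewritten, old_ip_lines) for one template.

    rewritten    : set commands of `template` with `old` replaced by `new`
    old_ip_lines : original commands that put an IP on `old`; these are
                   listed for manual removal, since the same IP cannot
                   sit on both interfaces.
    Assumes the template name contains no spaces.
    """
    # Whole-token match; an optional ".<n>" subinterface suffix is preserved.
    pat = re.compile(r"(?<![\w/.])" + re.escape(old) + r"(\.\d+)?(?![\w/.])")
    prefix = ["set", "template", template]
    rewritten, old_ip_lines = [], []
    for line in lines:
        toks = line.split()
        if toks[:3] != prefix or not pat.search(line):
            continue  # other template, or no reference to the old port
        rewritten.append(pat.sub(lambda m: new + (m.group(1) or ""), line))
        # Assumed shape of an address line: "... interface ethernet <old> ... ip <addr>"
        for i in range(len(toks) - 2):
            if toks[i:i + 3] == ["interface", "ethernet", old] and "ip" in toks[i + 3:]:
                old_ip_lines.append(line)
                break
    return rewritten, old_ip_lines


if __name__ == "__main__":
    new_cmds, to_remove = move_interface(SAMPLE, "Branch-A", "ethernet1/9", "ethernet1/20")
    print("# edited commands to review and paste:")
    print("\n".join(new_cmds))
    print("# IP still assigned to the old interface (remove manually):")
    print("\n".join(to_remove))
```
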

 
