Rules from One Zone to another Zone

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Rules from One Zone to another Zone

L2 Linker

Hello All,

 

from the GUI i can get all the security policies from one zone to another, However, from the CLI, is there a way?

 

for example : i need all the policies from Orange_Zone to Free- App_Zone

 

"Orange to DEVDB11-1; index: 1333" {
from Orange_Zone;
source 172.24.x.x/24;
source-region none;
to Free-App_Zone;
destination 172.24.x.x;
destination-region none;
user any;
source-device any;
destinataion-device any;
category any;
application/service [0:mssql-db-base/tcp/any/1433 1:mssql-db-encrypte/tcp/any/1433 2:mssql-db-unencryp/tcp/any/1433 ];
action allow;
icmp-unreachable: no
terminal yes;

5 REPLIES 5

L2 Linker

Also, can some one please tell me how to view the rules on panorama in different device groups?

Cyber Elite
Cyber Elite

Hello @ToughGuy_PAN

 

you can use below CLI to view pre or post policy in specific Device Group:

 

show device-group <Device Group Name> pre-rulebase security rules
show device-group <Device Group Name> post-rulebase security rules

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Hello @PavelK 

 

Thanks for the below. However, my question was not clearly directed. Let me be more specific

We Have many zones on our PA firewall and I need the rule base between specific zones.

Once I have them , need to replicate them to Prisma, so that most of the company users in those zones can make full utilization of the Prisma GP.

 

Hope it makes sense. Please advise, if you need any further information

Cyber Elite
Cyber Elite

@ToughGuy_PAN,

Just to be more specific about what you're trying to do, because it's still not completely clear to me, are you just looking to migrate your existing firewall's rulebase into Prisma Access? I'm assuming that you aren't managing Prisma Access with Panorama? 

@BPry 

Apologies, we are managing Prisma GP (cloud services) via Panorama

not the complete rule base, but only for the zones that are used to hit the Internet.

Zone by Zone we need to replicate to Prisma, so that most of the staff in those zones can take full advantage of Prisma GP

Let me know if that make sense

  • 1989 Views
  • 5 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!