08-22-2022 07:20 AM - edited 08-22-2022 07:22 AM
Hello All,
From the GUI I can get all the security policies from one zone to another. However, from the CLI, is there a way?
For example: I need all the policies from Orange_Zone to Free-App_Zone
"Orange to DEVDB11-1; index: 1333" {
from Orange_Zone;
source 172.24.x.x/24;
source-region none;
to Free-App_Zone;
destination 172.24.x.x;
destination-region none;
user any;
source-device any;
destinataion-device any;
category any;
application/service [0:mssql-db-base/tcp/any/1433 1:mssql-db-encrypte/tcp/any/1433 2:mssql-db-unencryp/tcp/any/1433 ];
action allow;
icmp-unreachable: no
terminal yes;
08-22-2022 08:42 AM
Also, can someone please tell me how to view the rules on Panorama in different device groups?
08-22-2022 04:36 PM
Hello @ToughGuy_PAN
You can use the below CLI to view pre or post policy in a specific Device Group:
show device-group <Device Group Name> pre-rulebase security rules
show device-group <Device Group Name> post-rulebase security rules
Kind Regards
Pavel
08-23-2022 02:10 AM
Hello @PavelK
Thanks for the below. However, my question was not clearly directed. Let me be more specific.
We have many zones on our PA firewall and I need the rule base between specific zones.
Once I have them, I need to replicate them to Prisma, so that most of the company users in those zones can make full utilization of the Prisma GP.
Hope it makes sense. Please advise if you need any further information.
08-23-2022 12:03 PM
Just to be more specific about what you're trying to do, because it's still not completely clear to me, are you just looking to migrate your existing firewall's rulebase into Prisma Access? I'm assuming that you aren't managing Prisma Access with Panorama?
08-23-2022 01:12 PM - edited 08-23-2022 01:13 PM
Apologies, we are managing Prisma GP (cloud services) via Panorama.
Not the complete rule base, but only for the zones that are used to hit the Internet.
Zone by zone we need to replicate to Prisma, so that most of the staff in those zones can take full advantage of Prisma GP.
Let me know if that makes sense.
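One way to pull the zone-to-zone subset out of a saved rule dump offline, as an added example that is not part of the original thread or Palo Alto Networks' own tooling: it parses text in the format pasted in the first post and keeps the rules whose from/to zones match. The function names, the sample rules other than index 1333, and the `[ a b ]` form for multi-zone rules (modelled on the application/service line) are assumptions.

```python
import re

# Header: "<name>; index: <n>" {    Field: "<key> <value>;" or "<key>: <value>"
HEADER = re.compile(r'^"(?P<name>.*); index: (?P<index>\d+)" \{$')
FIELD = re.compile(r'^(?P<key>[\w/-]+):?\s+(?P<value>.*?);?$')

def as_list(value):
    """'[ a b ]' -> ['a', 'b']; a bare value -> ['value']."""
    return value[1:-1].split() if value.startswith("[") else [value]

def parse_rules(text):
    """Return one dict per rule; a rule with no closing brace is still kept."""
    rules, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = {"name": header["name"], "index": int(header["index"])}
            rules.append(current)
        elif line == "}":
            current = None
        elif current is not None and (field := FIELD.match(line)):
            current[field["key"]] = as_list(field["value"])
    return rules

def rules_between(rules, src_zone, dst_zone):
    """Rules that apply from src_zone to dst_zone; a zone of 'any' matches."""
    def hit(zones, wanted):
        return wanted in zones or "any" in zones
    return [r for r in rules
            if hit(r.get("from", []), src_zone) and hit(r.get("to", []), dst_zone)]

# Constructed sample. The first rule follows the post (truncated, no closing
# brace); the other two are made up. The "[ a b ]" zone list is an assumption.
SAMPLE = '''
"Orange to DEVDB11-1; index: 1333" {
        from Orange_Zone;
        to Free-App_Zone;
        application/service [0:mssql-db-base/tcp/any/1433 1:mssql-db-encrypte/tcp/any/1433 ];
        action allow;
        icmp-unreachable: no
"Blue to App; index: 1334" {
        from Blue_Zone;
        to Free-App_Zone;
}
"Shared to any; index: 1335" {
        from [ Orange_Zone Blue_Zone ];
        to any;
        action deny;
}
'''
```

Calling `rules_between(parse_rules(text), "Orange_Zone", "Free-App_Zone")` on a saved dump returns the matching rules in rulebase order, including rules that reach the pair through `any` or a multi-zone list, which a plain text search for both zone names would miss.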