This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

clean up unused objects within Panorama using expedition?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

clean up unused objects within Panorama using expedition?

S_Hiebert
L1 Bithead

‎02-03-2022 08:20 AM

hello all,

PA newb here. I recently transitioned to a firewall admin job and am learning my way around Palo Alto for the first time. one issue I've been tasked with exploring is an issue where one of our firewalls has fallen out of sync because it is a VM and has limited object storage capabilities. it is the only VM in our production network. We've explored the idea of just unchecking the "share unused objects" box in panorama, but apparently some of my predecessors weren't so careful when crafting new local rules on other firewalls throughout our AS and referenced panorama pushed objects in their local rules. 

needless to say this going to be a quagmire of a project to clean up the firewalls, and after that's done, I'm sure there will be a lot of unused objects leftover in panorama after the cleanup is finished.

while doing some digging I discovered PA has a tool called Expedition which can supposedly identify and remove unused objects in PA firewalls. can expedition be used with panorama in this same capacity? that would make my life a million times easier because otherwise I see no way to identify whether or not an object or applicable object group is used. 

 

any insights would be much appreciated. 

You cant believe everything you see on the internet- Benjamin Franklin
0 Likes Likes
2 REPLIES 2

TomYoung
Cyber Elite
Cyber Elite

‎03-23-2022 11:54 AM

Hi @S_Hiebert ,

 

Expedition can work with Panorama.  https://www.youtube.com/watch?v=r_l_NjGHv90

 

Another way to find out is to delete the object.  If it is used, you will get an error.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

MarkDufault
L2 Linker

‎04-13-2023 06:51 AM

I'm curious if you are using expedition on current hardware. What I mean is, I installed the latest expedition only to find that I could not import configs from my current hardware, nor did it support current software versions. I have used it in the past but gave up because of this. Is anyone else having this issue and if so have you found ways around it? I can't be too specific because when I gave up I just had the server team delete the box. But my delema is I would love to be able to cleanup my firewalls. I especially like the ability to let me know unused objects for this purpose.

 

0 Likes Likes
  • 3020 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks