10-19-2018 06:36 AM
I can import the config to Expedition, rule enrich, and import the rules/objects into the Expedition project normally; that works great. I then use the export/API manager to push the config to Panorama. When I push, I only push Atomic for security rules and objects, since those are the only items that have changed in the entire config. I make sure to follow the ordering on the left-hand side, and push the objects first, and then the security rules. I can successfully push through the API manager GUI in Expedition to Panorama. Commit on Panorama works normally. When I go to push to the FW from Panorama, the commit fails:
"Validation Error:
vsys 1 >rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is not an allowed keyword
vsys->vsys1->rulebase->security->rules->NAMEOFRULEHERE->source 'NEWLYMADEADDRESSHERE' is an invalid ipv4/v6 address
Error: Failed ot find address 'NEWLYMADEADDRESSHERE'
Error:Unknown address 'NEWLYMADEADDRESSHERE'
Error:Failed to parse secrutiy policy
Commit failed"
It's almost like it's not finding the newly created objects on the FW. The weird thing is that I can go and rename the object, commit on Panorama and re-push to the FW, and then the object on the local FW is recognized, and the error goes away, and it moves on to the next newly created object that was made through Expedition.
I can export the XML config and import it to Panorama, and then mode merge it for objects and security rules, and everything works normally, with no commit errors at all.
I'm sure I'm missing something here, or committing wrongly, but I don't know what it is. Does anyone have suggestions/fixes, or has anyone encountered issues with this before?