Hi,
I've just tested the proposed approach using API:
From the API output manager
-send the interfaces
-send the virtual router
-remove the AE from the security zone
-send the zone
=> This is working indeed.
As mentioned, the Interface / Zone mapping is required to be performed manually when the config is loaded onto the device.
After the config was loaded via API (subint, vrouter and zone) I tried to get around the "zone to interface mapping" by:
-Performing a commint on the FW
-Re-import the device running config into Expedition
-Loading the project configuration with the (pre-zone cleanings / thus containing the zone & interface mappings)
-Export and Merge only the zone config. (the rest is already onn the device, only the zone to interface mapping is missing).
-Generate the API commands
-....but it fails in the same way.
{"21":{"device":"UTRFWONE5","status":"fail","text":"<msg><line><![CDATA[ zone -> Zone27 -> network -> layer3 \\'ae2.313\\' is not a valid reference]]><\/line><line><![CDATA[ zone -> Zone27 -> network -> layer3 is invalid]]><\/line><\/msg>","date":"2019-02-08 04:07:35"}}
Best regards,
Filip
... View more