I am using Expedition to remove unused objects from firewalls via a partial config import. What I ran into is that the tool removed an unknown number of objects that, while not used by a security policy, are in fact used by a NAT policy! Because of this, I was only able to import services, service groups, and address groups. Importing the new, "smaller" address list won't allow a commit because of the NAT policies that are pointing to objects that Expedition removed.
Has anyone else seen this, or have any info on why this is happening?