05-04-2024 11:53 PM
Hi all
There are pre-rules, local firewall rules, post-rules and default rules after I added a firewall to Panorama, but when we import the configuration to device group, seems import rules to pre or post rules is a must during the the import operation, then the original local firewall rules will become the pre or post rules after we push the configuration. So may I know any way we can just import the device configuration to template, and object to shared but leave the existing firewall policy in local? Or what is the best practice to achieve this?
Best regards
Alex
05-06-2024 01:39 AM
While you import a new firewall into panorama you get the option to move all the objects into 'shared'
After the import has been completed, you can simply delete the newly created device group (or remove all the rules from it) and then push the config bundle without the pre/post rules
All your rules will remain local
05-07-2024 07:28 PM
Thanks for your suggestion, we tried to import the policy to device group pre-rules and object in shared. Then we create a new device group and associate to the firewall, then export the config bundle again. But found the all local policy gone.
Then we check the doc again and found below; both export, push and commit will remove all local policies and objects.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
