It is nice compared to NSM and Security Director :) On the other hand, I had to deal with an issue where the address group content on Panorama was different from what the firewall had:

Panorama had AddGroup1 = Addr1, Addr2, Addr3
Firewall had AddGroup1 = Addr1, Addr2, Addr3, Addr4

The security rule (Block_IPs) referencing the AddGroup1 address group object had the action block, but we needed to delete this Addr4. I don't even want to think how this sync issue happened. The problem is that Panorama-pushed objects are read-only; you can't delete them on the firewall.

I first unchecked this useless (at least for me) setting, as I wanted to delete the address group on the firewall and re-push it from Panorama. However, in order to remove the referenced object, I first had to delete the Block_IPs rule. I removed the Block_IPs rule on this firewall from Panorama. I had a wrong expectation that AddGroup1 would also be deleted, but it wasn't. Apparently my PAN knowledge is getting worse.

> show config pushed-shared-policy | match Addr4

Anyway, then I pushed the same rule Block_IPs once again and then hey!!! On the firewall, I didn't see the pushed object any more.

> show running security-policy

Then I checked the traffic logs, but traffic was still being blocked hitting the same rule! Unbelievable…
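The drift described above is easy to catch before it surprises you. The following added example (mine, not from the original post) compares the static address groups in a Panorama config fragment with those in the firewall's config and lists the security rules that still reference a given group, which is exactly what has to be removed before the group can go. The XML fragments are constructed samples in the PAN-OS config layout (`<address-group>/<entry>/<static>/<member>`, `<rules>/<entry>`); in practice you would feed it the XML returned by the device's config API.

```python
"""Detect address-group drift between Panorama-pushed and firewall configs.
The XML below is constructed sample data in PAN-OS config layout (an assumption
for this example); pull the real config via the XML API in practice."""
import xml.etree.ElementTree as ET

# Constructed sample: the group as Panorama defines it.
PANORAMA_XML = """<config><shared>
  <address-group><entry name="AddGroup1"><static>
    <member>Addr1</member><member>Addr2</member><member>Addr3</member>
  </static></entry></address-group>
</shared></config>"""

# Constructed sample: what the firewall actually holds, plus the rule using the group.
FIREWALL_XML = """<config><shared>
  <address-group><entry name="AddGroup1"><static>
    <member>Addr1</member><member>Addr2</member>
    <member>Addr3</member><member>Addr4</member>
  </static></entry></address-group>
  <pre-rulebase><security><rules>
    <entry name="Block_IPs"><source><member>AddGroup1</member></source>
      <destination><member>any</member></destination><action>deny</action></entry>
  </rules></security></pre-rulebase>
</shared></config>"""

def address_groups(xml_text):
    """Return {group_name: set(members)} for every static address group."""
    groups = {}
    for ag in ET.fromstring(xml_text).iter("address-group"):
        for grp in ag.findall("entry"):
            groups[grp.get("name")] = {m.text for m in grp.iter("member")}
    return groups

def group_drift(panorama_xml, firewall_xml):
    """Per group, members only on the firewall and members only on Panorama."""
    pano, fw = address_groups(panorama_xml), address_groups(firewall_xml)
    drift = {}
    for name in set(pano) | set(fw):
        p, f = pano.get(name, set()), fw.get(name, set())
        if p != f:
            drift[name] = {"only_on_firewall": sorted(f - p),
                           "only_on_panorama": sorted(p - f)}
    return drift

def rules_referencing(firewall_xml, group_name):
    """Security rules whose source or destination names the group."""
    hits = []
    for rules in ET.fromstring(firewall_xml).iter("rules"):
        for rule in rules.findall("entry"):
            members = {m.text for fld in ("source", "destination")
                       for node in rule.findall(fld) for m in node.findall("member")}
            if group_name in members:
                hits.append(rule.get("name"))
    return hits

if __name__ == "__main__":
    print("drift:", group_drift(PANORAMA_XML, FIREWALL_XML))
    print("rules using AddGroup1:", rules_referencing(FIREWALL_XML, "AddGroup1"))
```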