Move or Clone a Policy Rule or Object to a Different Device Group
On Panorama, if a policy rule or object that you will move or clone from a device group has references to objects that are not available in the target device group (Destination), you must move or clone the referenced objects and the referencing rule or object in the same operation. In a Device Group Hierarchy, remember that referenced objects might be available through inheritance. For example, shared objects are available in all device groups. You can perform a global find to check for references. If you move or clone an overridden object, be sure that overrides are enabled for that object in the parent device group of the Destination (see Create Objects for Use in Shared or Device Group Policy).
When cloning multiple policy rules, the order by which you select the rules will determine the order they are copied to the device group. For example, if you have rules 1-4 and your selection order is 2-1-4-3, the device group where these rules will be cloned will display the rules in the same order you selected. However, you can reorganize the rules as you see fit once they have been successfully copied.
- Log in to Panorama and select the rulebase (for example, PolicySecurityPre Rules) or object type (for example, ObjectsAddresses).
- Select the Device Group and select one or more rules or objects.
- Perform one of the following steps:
- (Rules only) MoveMove to other device group
- (Objects only) Move
- (Rules or objects) Clone
- In the Destination drop-down, select the new device group or Shared. The default is the Device Group selected in Step Select the Device Group and select one or more rules or objects..
- (Rules only) Select the Rule order:
- Move top (default)—The rule will come before all other rules.
- Move bottom—The rule will come after all other rules.
- Before rule—In the adjacent drop-down, select the rule that comes after the Selected Rules.
- After rule—In the adjacent drop-down, select the rule that comes before the Selected Rules.
- The Error out on first detected error in validation check box is selected by default, which means Panorama will display the first error it finds and stop checking for more errors. For example, an error occurs if the Destination device group doesn't have an object that is referenced in the rule you are moving. When you move or clone many items at once, selecting this check box can simplify troubleshooting. If you clear the check box, Panorama will find all the errors before displaying them. Regardless of this setting, Panorama won’t move or clone anything until you fix all the errors for all the selected items.
- Click OK to start the error validation. If Panorama finds errors, fix them and retry the move or clone operation. If Panorama doesn't find errors, it performs the operation.
- Select CommitCommit and Push, Edit Selections in the Push Scope, select Device Groups, select the original and destination device groups, click OK, and then Commit and Push your changes to the Panorama configuration and to the device groups.
Move or Clone a Policy Rule or Object to a Different Virtua...
Move or Clone a Policy Rule or Object to a Different Virtual System On a firewall that has more than one virtual system (vsys), you ...
Move or Clone a Policy Rule
Move or Clone a Policy Rule When moving or cloning policies , you can assign a Destination (a virtual system on a firewall or a ...
Move or Clone an Object
Move or Clone an Object When moving or cloning objects, you can assign a Destination (a virtual system on a firewall or a device group ...
Create and Manage Authentication Policy
Create and Manage Authentication Policy Select the Policies Authentication page to create and manage Authentication policy rules: Task Description Add Perform the following prerequisites before ...
Creating and Managing Policies
Creating and Managing Policies Select the Policies Security page to add , and modify, and manage security policies: Task Description Add To add a new ...
Multi-Move or Multi-Clone Configuration
Multi-Move or Multi-Clone Configuration Use the action=multi-move and action=multi-clone actions to move and clone addresses across device groups and virtual systems. Templates do not support ...
Manage the Rule Hierarchy
Manage the Rule Hierarchy The order of policy rules is critical for the security of your network. Within any policy layer (shared, device group, or ...
Manage Device Groups
Manage Device Groups Add a Device Group Create a Device Group Hierarchy Create Objects for Use in Shared or Device Group Policy Revert to Inherited ...
Create a Device Group Hierarchy
Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...