Two issues.
First, I'd like to be able to clone rules from one FW to a different FW. There are some foundational rules that are mostly built out on, let's say, FirewallA, and I want to copy them to FirewallG and then make the needed zone changes once they are on FirewallG.
I tried that and got errors:
. Validation Error:
. vsys -> vsys2 -> rulebase -> security -> rules -> RuleName -> to 'Zone-Name' is not an allowed keyword
. vsys -> vsys2 -> rulebase -> security -> rules -> RuleName -> to 'Zone-Name' is not a valid reference
. vsys -> vsys2 -> rulebase -> security -> rules -> RuleName -> to is invalid
That leads me to believe that this isn't possible?
Problem two is, now I can't seem to back out of this??? How do I tell FirewallA to just forget it? I can't commit anything now because it still wants to try and make those changes???
Ugg! I just needed to go to the correct DG that I was moving it to and change the zones first.
In regards to the first issue, how did you export/import the rules? Lacking any other means, I'd do the following:

On the A firewall:

    > set cli config-output-format set
    > configure
    # show rulebase security rules | match <any useful keyword>

Then copy-paste the rules in an XML editor, and find/replace zones.

Then copy/paste the set commands on the G firewall.
Backing out is easy: go to device > setup > operations > revert to running config
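
The find/replace step suggested above, as an added example that is not part of the original thread: a Python sketch that remaps zone names in set-format rule output and lists any zone the destination firewall lacks, which is the condition behind the "is not a valid reference" error. The sample lines, zone names, and the `remap_zones` helper are constructed for illustration, and the script assumes multiple zones are written as `[ zone1 zone2 ]`.

```python
import re
import shlex

# Matches the from/to element of a security rule in set format, with an
# optional "vsys <name>" prefix like the one in the validation error above.
RULE_RE = re.compile(
    r'^(set (?:vsys \S+ )?rulebase security rules (?:"[^"]+"|\S+) (?:from|to)) (.+)$'
)

def remap_zones(set_lines, zone_map, dest_zones):
    """Rewrite from/to zones; return (new_lines, problems).

    problems holds (line_no, zone) pairs naming zones that do not exist
    on the destination and would fail validation there.
    """
    out, problems = [], []
    for no, line in enumerate(set_lines, 1):
        m = RULE_RE.match(line.strip())
        if not m:
            out.append(line.strip())  # not a zone element: pass through
            continue
        prefix, value = m.groups()
        is_list = value.startswith("[")  # assumed form: "[ zone1 zone2 ]"
        zones = shlex.split(value.strip("[] "))
        mapped = [zone_map.get(z, z) for z in zones]
        for z in mapped:
            if z != "any" and z not in dest_zones:
                problems.append((no, z))
        text = " ".join(f'"{z}"' if " " in z else z for z in mapped)
        out.append(f"{prefix} {'[ ' + text + ' ]' if is_list else text}")
    return out, problems

# Constructed sample export from the source firewall (not from the thread).
SAMPLE = [
    'set rulebase security rules Allow-DNS from Trust-A',
    'set rulebase security rules Allow-DNS to [ Untrust-A DMZ-A ]',
    'set rulebase security rules Allow-DNS application dns',
    'set rulebase security rules "Block Legacy" from any',
    'set rulebase security rules "Block Legacy" to Lab-A',
]
ZONE_MAP = {"Trust-A": "Trust-G", "Untrust-A": "Untrust-G", "DMZ-A": "DMZ-G"}
DEST_ZONES = {"Trust-G", "Untrust-G", "DMZ-G"}  # zones defined on the destination

if __name__ == "__main__":
    lines, problems = remap_zones(SAMPLE, ZONE_MAP, DEST_ZONES)
    print("\n".join(lines))
    for no, zone in problems:
        print(f"line {no}: zone {zone!r} does not exist on the destination")
```

Resolving every reported zone before pasting the commands keeps the candidate configuration on the destination free of invalid references.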