在Paloalto要將舊的Policy搬到另一台機, 最煩的不是Policy太多, 肯定是Object太多, Policy可能好多, 但Object肯定更多
所以使用Cli export & import address & address group便可以更快地設定Policy, 不過有寫開script的朋友, 應該會覺得還是很不方便
Single mode
> set cli config-output-format set
> configure
# show address
# show address-group
# show service
# show service-group
# show profiles custom-url-category
# show shared log-settings
# show rulebase security rules
# show rulebase nat
# show network dhcp
Panaroma
> set cli config-output-format set
> configure
# show device-group [xxx] address
# show device-group HK_Internal_PA_Group address-group
# show device-group [xxx] post-rulebase security rules