在Paloalto要將舊的Policy搬到另一台機, 最煩的不是Policy太多, 肯定是Object太多, Policy可能好多, 但Object肯定更多
所以使用Cli export & import address & address group便可以更快地設定Policy, 不過有寫開script的朋友, 應該會覺得還是很不方便
Single mode
> set cli config-output-format set
> configure
# show address
# show address-group
# show rulebase security rules
Panaroma
> set cli config-output-format set
> configure
# show device-group [xxx] address
# show device-group HK_Internal_PA_Group address-group
# show device-group [xxx] post-rulebase security rules