Re: How to bulk change destination zone for imported policies using FM

NetworkMonkey101 · ‎08-27-2024

Hi,

I have imported almost 1000 policies using the FMT and have noticed that the destination zone is not set causing an error. I am looking for a way to either bulk edit destination zones on the FMC or re-import again using the FMT and set using the tool. The destination zone is set to "any" using FMT and there is no option to drop it down to the zones being used.

Zones are available as seen below so why can I not select them when using the FMT?

Marvin Rhoads · ‎08-27-2024

I've done several dozen FMT-based migrations and never encountered this issue. Normally the ACP entries would be tied to the zone of the associated interfaces. Could it be that they came from a global ACL in the ASA?

NetworkMonkey101 · ‎08-27-2024

Rules on the ASA configuration are not mapped to zones. They are created within the interface with no zones assigned.

Marvin Rhoads · ‎08-27-2024

Yes, I understand that. But when you migrate the interfaces using FMT you assign them to zones. Those zone associations are then used in the ACP migration step.

NetworkMonkey101 · ‎08-27-2024

I have re-ran the FMT and assigned interfaces to zones as I did before. The only zone that is being applied in the ACP step relates to the DMZ. The inside and outside zones are not being applied to their corresponding policies..

NetworkMonkey101 · ‎08-27-2024

They are stating "no lookup" in the rule name whereas the DMZ rules are OK

How to bulk change destination zone for imported policies using FMT