'hip -profiles is a duplicate node' 附加时的错误HIP安全规则的配置文件

• 当附加一个HIP配置文件到安全策略，用户可能会遇到错误： 'hip -profiles 是一个重复的节点'
• 提交/推送到设备也会导致提交错误。

• PAN-OS 10.0 或更新版本
• Panorama 用来推HIP配置文件到防火墙

1. 来自PanoramaCLI，将配置输出格式更改为“设置”符号，以便您可以轻松比较配置：

   panorama> set cli config-output-format set
2. 进入配置shell：

   panorama> configure
3. 在运行配置中搜索“hip -个人资料'：

   panorama# show | match hip-profiles
   set device-group My_Device_Group pre-rulebase security rules "trust-to-untrust" hip-profiles any
   set device-group My_Device_Group pre-rulebase security rules "dmz-to-untrust" hip-profiles any
   
4. 在上面的例子中有两个配置项hip-需要删除的配置文件。 删除它们：

   panorama# delete device-group My_Device_Group pre-rulebase security rules "trust-to-untrust" hip-profiles any 
   panorama# delete device-group My_Device_Group pre-rulebase security rules "dmz-to-untrust" hip-profiles any
   
5. 用更新的语法替换已删除的配置：

   panorama# set device-group My_Device_Group pre-rulebase security rules "trust-to-untrust" source-hip any
   panorama# set device-group My_Device_Group pre-rulebase security rules "dmz-to-untrust" source-hip any
6. 提交并推送 Panorama

set device-group <device-group-name> post-rulebase security rules <security-rule-name> hip-profiles <HIP-profile-name>

set device-group <device-group-name> post-rulebase security rules <security-rule-name> source-hip <HIP-profile-name>