Is There an Impact on Active Sessions when Changing the Name of a Zone?

Is There an Impact on Active Sessions when Changing the Name of a Zone?

39224
Created On 09/26/18 13:55 PM - Last Modified 05/13/20 21:57 PM


Environment


  • Palo Alto Firewall.
  • Any PAN-OS.


Resolution


Yes, renaming a zone will impact all active sessions that reference it (in source and/or destination). When changing the name of a zone, the ID will change and all active sessions referencing the old zone name need to be cleared.
If change of zone name is needed, a maintenance window is recommended.

To clear all sessions on a firewall:

> clear session all

When renaming a zone, a new zone object (with a new name) is created in the background. A numeric ID is assigned to this new object created by the id-manager process. This ID will be used internally when referencing a specific zone, instead of the alphanumerical name.

To check the IDs assigned to zone names, run the following CLI command:

> debug device-server dump idmgr type zone all
  Since id-manager objects are cumulative, all the zone objects created since the last reset will be shown.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000Cm1c&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Choose Language