Importing Objects and Object Groups

Generally, the import process imports objects and groups as new, and you cannot replace existing objects and groups. However, if network and port objects or groups in an imported configuration match existing objects or groups, the imported configuration reuses the existing objects/groups, rather than creating new objects/groups. The Firewall Management Center determines a match by comparing the name (minus any autogenerated number) and content of each network and port object/group.

If the names of imported objects match existing objects on the importing Firewall Management Center, the Firewall Management Center appends autogenerated numbers to the imported object and group names to make them unique.

You must map any security zones and interface groups used in the imported configurations to matching-type zones and groups managed by the importing Firewall Management Center.

If you export a configuration that uses PKI objects containing private keys, the Firewall Management Center decrypts the private keys before export. On import, the Firewall Management Center encrypts the keys with a randomly generated key.