How to delete vsys and its associated objects on the Firewall and Panorama

How to delete vsys and its associated objects on the Firewall and Panorama

41617
Created On 09/25/18 19:36 PM - Last Modified 06/12/23 16:13 PM


Symptom


Symptoms

This article outlines the steps to delete a vsys and related objects from a firewall managed by Panorama. 

Diagnosis

Vsys are configured as a part of templates in Panorama.

Vsys contains interfaces and policies and there are certain interdependencies that could pose challenges when committing the configuration.

Resolution


Step 1. On Panorama, remove references of objects (configured under Device Groups) from Template.

 

Example: Reference of Logforwarding Profile in Zones. Set the log forwarding profile to None.

 

Step1.png

 

Step 2. Commit this on Panorma and commit to the Managed Firewall.

 

Step 3. Delete contents of the Device Group and commit the empty device group to the Panorama and Managed Firewall.

 

Step 4. Delete Template entries like interface zones etc and commit to Panoram and Template on the Managed Firewall.

 

Step 5. Remove the Device Group from Shared policy and commit on Panorama.

 

Screen Shot 2016-08-31 at 4.14.02 PM.png

Note: Use "Target to all but these specified devices" and check the Device Group you would like to remove.

 

Step 6: Commit to the Device Group to remove references of Shared policy pushed from Device Group on the Managed Firewall.

 

Step 7. Delete the vsys from Template on Panorama and commit on Panorama and Device Group (Managed Firewall)

Screen Shot 2016-08-31 at 4.23.38 PM.png

 

Step 8. Delete the template from Panorama and commit.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaFCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language