Information on the "Disable Panorama Policy and Objects" and "Disable Device and Network Template" Buttons

Information on the "Disable Panorama Policy and Objects" and "Disable Device and Network Template" Buttons

20582
Created On 09/25/18 19:50 PM - Last Updated 03/18/20 21:41 PM


Symptom

The Disable Panorama Policy and Objects and Disable Device and Network Template buttons can be found on a firewall by navigating:

Device > Setup> Management> Panorama Settings
Screenshot of disabling Panorama Policy and Objects



Environment
  • Firewall
  • Panorama


Cause

If you click on either; "Disable device and Network Template" or "Disable Panorama Policy and Objects" and the check boxes "Import Panorama Policy and Objects before disabling", "Import Device and Network Template before disabling" are not checked; then the respective configuration will be deleted from the firewall immediately.

However, this action does not trigger an autocommit. The configuration will be removed from the candidate config, but will remain active in the running config on the dataplane until a Commit operation is performed.

On the other hand, if you select the check boxes, then configuration under Device and Network pushed from the Panorama will be kept on the firewall. This will have the configuration appear as a local configuration.

Step2 -a.png

Step2 -b.png



Resolution

What if the Configuration is Removed by Mistake?

Revert to running config will not bring the Panorama pushed config back, even rebooting the device will not bring the configuration pushed from Panorama back.

 

There are two solutions:

Solution (A)  - If you have not performed a commit on the Palo Alto Networks firewall after clicking OK.
 

To get the config back perform the following steps:

  1. Enable the Panorama policy and Objects, Device and Network Template and click OK,  Do not commit at this point.
    Enable.png
  2. Send a commit from Panorama to the Palo Alto Networks firewall.


Solution (B) - If you have performed a commit on the firewall locally. After clicking OK then the config that has been pushed from the Panorama will be removed completely from the firewall.  

Follow these steps to bring the config back:

  1. Add the Panorama IP address on the firewall, enable the Panorama Policy and Objects, Device and template and perform a commit on firewall.
    Device > Setup > Management > Panorama Settings
    Enable 2.png
  2. Make sure there is connectivity to Panorama from the firewall. (Check if the firewall appears as connected on Panorama)
On Panorama, Panorama > Managed Devices > Summary
Where to go in Panorama to see the firewall as connected
  1. Once the connection has been reestablished, push a commit from Panorama to the firewall.


Additional Information


Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClffCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language