How to add a locally managed firewall to Panorama management

Created On 09/26/18 13:47 PM - Last Updated 04/20/20 23:58 PM


Resolution

To add a locally managed firewall to Panorama management, first import the firewall configuration into Panorama. When importing a firewall configuration, Panorama automatically creates a template to contain the imported network and device settings. To contain the imported policies and objects, Panorama automatically creates one device group.

You can import configurations from firewalls that run PAN-OS 5.0 or later releases. However, Panorama releases that support configuration imports (Panorama 7.0 or later) can’t push or export configurations to firewalls running PAN-OS 6.0.3 or earlier releases.

Steps

  1. Add the firewall to the Panorama managed devices list. Log in to Panorama, select Panorama > Managed Devices, and click Add. Enter the serial number of the firewall and click OK. Click Commit. For the Commit Type, select Panorama, and click Commit again.
  2. Set up a connection from the firewall to Panorama. Log in to the firewall, select Device > Setup, and edit the Panorama Settings. In the Panorama Servers fields, enter the IP addresses of the Panorama management server. Click OK and Commit.
  3. Import the firewall configuration into Panorama. From Panorama, select Panorama > Setup > Operations, click Import device configuration to Panorama, and select the Device. Panorama can’t import a configuration from a firewall that is assigned to an existing device group or template.
  4. Verify that the configuration was imported properly and completely by comparing the running and candidate configurations via Panorama > Config Audit > Go. If the configuration is good, click Commit and, for the Commit Type, select Panorama.
  5. Push the device configuration bundle to the firewall to remove all policies and objects from the local configuration. Go to Panorama > Setup > Operations and click 'Export or push device config bundle'. Select the Device from which you imported the configuration, click OK, and click Push & Commit.
  6. Make any necessary configuration changes and commit your changes to the device group. Click Commit and, for the Commit Type, select Device Group. Select Merge with Device Candidate Config, select the 'Include Device and Network Templates' check box, and click Commit.
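
The version limits and the device group/template restriction described above can be checked before starting the import. The following pre-flight check is an added example, not part of the original article or of any Palo Alto Networks tooling; the inventory records, their field names, and the `preflight` function are assumptions made for illustration.

```python
import re

# Limits taken from the article text.
MIN_IMPORT = (5, 0, 0)    # firewalls on PAN-OS 5.0 or later can be imported
MAX_NO_PUSH = (6, 0, 3)   # Panorama can't push or export to 6.0.3 or earlier
MIN_PANORAMA = (7, 0, 0)  # Panorama 7.0 or later supports configuration import


def parse_version(text):
    """Turn '7.1.4-h2' or '6.0' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())


def preflight(fw, panorama_version):
    """Return (can_import, can_push, reasons) for one firewall record."""
    reasons = []
    fw_ver = parse_version(fw["sw_version"])
    if parse_version(panorama_version) < MIN_PANORAMA:
        reasons.append("Panorama release does not support configuration import")
    if fw_ver < MIN_IMPORT:
        reasons.append("firewall runs a release earlier than PAN-OS 5.0")
    if fw.get("device_group") or fw.get("template"):
        reasons.append("firewall is already assigned to a device group or template")
    can_import = not reasons
    # Hotfix suffixes are ignored, so 6.0.3-h1 is treated as 6.0.3 (no push).
    can_push = can_import and fw_ver > MAX_NO_PUSH
    if can_import and not can_push:
        reasons.append("import works, but Panorama can't push to PAN-OS 6.0.3 or earlier")
    return can_import, can_push, reasons


# Constructed inventory; serial numbers, versions and group names are made up.
INVENTORY = [
    {"serial": "000000000001", "sw_version": "8.0.5", "device_group": None, "template": None},
    {"serial": "000000000002", "sw_version": "6.0.3", "device_group": None, "template": None},
    {"serial": "000000000003", "sw_version": "7.1.4-h2", "device_group": "branch-dg", "template": None},
    {"serial": "000000000004", "sw_version": "4.1.9", "device_group": None, "template": None},
]

if __name__ == "__main__":
    for fw in INVENTORY:
        can_import, can_push, reasons = preflight(fw, "8.0.5")
        print(fw["serial"], "import:", can_import, "push:", can_push, "; ".join(reasons))
```

A firewall that can be imported but not pushed to (the second record) would stall at step 5, so it needs a PAN-OS upgrade before it is onboarded.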

