Palo Alto Networks Knowledgebase: How to View the Local Rules on Managed Devices from Panorama

How to View the Local Rules on Managed Devices from Panorama

Created On 02/07/19 23:44 PM - Last Updated 02/07/19 23:45 PM


In an environment where several Palo Alto Networks firewalls are being managed with Panorama, it can be an inconvenience when an administrator has to switch context every time they want to view local rules on the firewall.


The following are a few examples that conveniently allow the administrator to view local rules.

Under Panorama > Device, there is an option called Preview Rules, as shown below. With this feature the complete rule base for each device can be accessed and managed by Panorama. However, it will not work unless at least one device group has been committed to the managed devices.



Local rules are identified as the non grayed-out rules, while the Panorama pushed rules are the grayed out rules, as shown below.



In addition to previewing local Security policies on a managed device, other rules such as, NAT, QoS, Policy Based Forwarding, Decryption, Application Override, Captive Portal and DoS Protection can be previewed as well.



owner: sodhegba

  • Print
  • Copy Link

Choose Language