Palo Alto Networks Knowledgebase: How to View the Local Rules on Managed Devices from Panorama

How to View the Local Rules on Managed Devices from Panorama

3311
Created On 02/07/19 23:44 PM - Last Updated 02/07/19 23:45 PM
Policy
Resolution

Details

In an environment where several Palo Alto Networks firewalls are being managed with Panorama, it can be an inconvenience when an administrator has to switch context every time they want to view local rules on the firewall.

 

The following are a few examples that conveniently allow the administrator to view local rules.

Under Panorama > Device, there is an option called Preview Rules, as shown below. With this feature the complete rule base for each device can be accessed and managed by Panorama. However, it will not work unless at least one device group has been committed to the managed devices.

previe-local.png

 

Local rules are identified as the non grayed-out rules, while the Panorama pushed rules are the grayed out rules, as shown below.

preview-local2.png

 

In addition to previewing local Security policies on a managed device, other rules such as, NAT, QoS, Policy Based Forwarding, Decryption, Application Override, Captive Portal and DoS Protection can be previewed as well.

Device-group.png

 

owner: sodhegba



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cls4CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language