How to move a managed firewall from one Panorama to another

• Panorama with Managed Firewalls
• Supported PAN-OS

1. Export a named configuration snapshot and device state from the firewall. Always take backups before starting.

• Device > Setup > Operations > Save named configuration snapshot
• Device > Setup > Operations > Export named configuration snapshot
• Device > Setup > Operations > Export device state

2. Disable Panorama Policy and Objects

• Device > Setup > Management > Panorama Settings

3. Enable the box to Import Panorama Policy and Objects before disabling. If you do not select it, Panorama pushed settings will be lost:

4. Repeat the same with Disable Device and Network Template
5. Commit the changes to the firewall. All configuration will be local to the firewall.
6. Perform a sc3 reset on the firewall. Log in to Firewall CLI and run the commands:

> request sc3 reset
> debug software restart process management-server

7. Login to the new Panorama and follow the steps to add the firewall here
8. Configure the firewall for the new Panorama IP and Auth Key. Be sure to re-enable the Panorama Policy and Objects and the Device and Network Template, by clicking the enable button:

• Device > Setup > Management > Panorama Settings

9. Commit your changes to the firewall
10. Verify that the firewall is connected to Panorama
11. Continue to import the firewall configuration to the new panorama following the admin guide:
    • Migrate a firewall to Panorama Management and Reuse existing configuration
    • Migrate a firewall HA Pair to Panorama Management and Reuse existing configuration

• Transition a firewall to panorama management
• Migrate a firewall to panorama management
• Migrate a firewall ha pair to panorama management
• Add a firewall as a managed device