Stale Azure Cloud NGFWs still show up on the Panorama GUI.

Why do stale Cloud NGFWs on Azure that you no longer use, still show up on the Panorama (as in Panorama GUI > Panorama > Managed Devices > Summary)?

Cloud NGFW on Azure (Palo Alto Networks, Inc., 2024) such that:

• It has been integrated into your Panorama (Palo Alto Networks, Inc., 2024),
• Which means the Azure Plugin for Panorama has been installed.
• It isn’t in use (e.g. it has been decommissioned in favor of another CNGFW with a newer PAN-OS version) and its entry needs to be removed from the Panorama.

• When the Azure Plugin detects stale CNGFWs, it proceeds to clean up by removing the Device Group / Template / Collector Group associated with said stale CNGFWs.
• However, actually purging the VM from the summary UI (as in Panorama GUI > Panorama > Managed Devices > Summary) requires a commit to be made.
• As a result, even if the CNGFWs don’t exist any more, a commit is required in order to remove their entries from your Panorama.
• The commit doesn’t have to be meaningful; a dummy commit should do.

References

Palo Alto Networks, Inc. (2024, 07 24). Cloud NGFW for Azure. Palo Alto Networks TechDocs. https://docs.paloaltonetworks.com/cloud-ngfw/azure/cloud-ngfw-for-azure/getting-started-with-cngfw-for-azure/cloud-ngfw-overview

Palo Alto Networks, Inc. (2024, 07 24). Panorama Integration. Palo Alto Networks TechDocs. https://docs.paloaltonetworks.com/cloud-ngfw/azure/cloud-ngfw-for-azure/panorama-policy-management/panorama-integration-overview