Overview(Configuration template support in Panorama)
When a virtual system (VSYS) configuration is pushed from a Panorama template to a managed Palo Alto Networks device, the following algorithm is applied on the device:
- The device first attempts a name match.
- If successful, then the configuration for the matching vsys on the device will receive the configuration pushed from Panorama.
- If the name match fails, the device will perform a VSYS ID match on an unnamed vsys
- If an ID match succeeds on an unnamed VSYS, then it will receive the name and configuration pushed from Panorama
- Finally, if the VSYS ID match fails, a new vsys will be created on the device with the name and configuration pushed from Panorama.
- The new vsys will be assigned the next available ID
For example, a templated VSYS is created as vsys3 (ID of 3), and pushed to a managed Palo Alto Networks device.
- If the name, vsys3, is not found, then the device will attempt to find an unnamed VSYS with ID of 3.
- If an unnamed vsys with ID 3 does not exist, then a new vsys will be created with the name vsys3 (and assigned the next available ID).
Note: In general, it is recommended to apply meaningful names to virtual systems (for example: Finance, Marketing, etc.) instead of the label name “vsys3”, which may be assumed to mean the same as ID = VSYS 3.
owner: apasupulati
