https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-cloning-for-dr/m-p/539877#M1173 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/238781">@Charlie80</a> ,</P> <P>&nbsp;</P> <P>Yes, moving cluster 2 to the new device group and template will work.&nbsp; The Policies and Objects will be replaced.&nbsp; The Network and Device configuration may or may not be replaced.&nbsp; It depends if anything is currently overridden on the NGFWs.&nbsp; You may have to select Force Template Values.&nbsp; You will get a warning that you may break connectivity because template have IP addresses, etc.&nbsp; You should have Automated Commit Recovery enabled.&nbsp; With any production cutover, you will need to do your due diligence to prevent outages.</P> <P>&nbsp;</P> <P>Cluster 1 will not be impacted if you do not make any changes to the device group or templates.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Mon, 24 Apr 2023 09:17:04 GMT TomYoung 2023-04-24T09:17:04Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-cloning-for-dr/m-p/539674#M1171 <P>Hello,</P> <P>I have a Panorama that manage 2 cluster. Each one have a dedicated Device-Group and Template.</P> <P>Now the cluster 2 must be recycled as a DR of the cluster 1.&nbsp;</P> <P>My idea is to reassign the cluster 2 to the same DG and Templ of the cluster 1. Should works, right?</P> <P>As far as I know if I move the cluster 2 on the same DG/templ the Panorama "add" the new conf . How I can "force" to replace the entire conf with the Cluster 1conf on cluster 2? </P> <P>Am I forgetting something?</P> <P>There is any impact on the cluster 1 (like outage etc)?</P> <P>&nbsp;</P> <P>Note. of course the Cluster 2 data plane interface will be moved in the DR Vlan to avoid the duplicated address</P> Fri, 21 Apr 2023 08:18:39 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-cloning-for-dr/m-p/539674#M1171 Charlie80 2023-04-21T08:18:39Z https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-cloning-for-dr/m-p/539877#M1173 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/238781">@Charlie80</a> ,</P> <P>&nbsp;</P> <P>Yes, moving cluster 2 to the new device group and template will work.&nbsp; The Policies and Objects will be replaced.&nbsp; The Network and Device configuration may or may not be replaced.&nbsp; It depends if anything is currently overridden on the NGFWs.&nbsp; You may have to select Force Template Values.&nbsp; You will get a warning that you may break connectivity because template have IP addresses, etc.&nbsp; You should have Automated Commit Recovery enabled.&nbsp; With any production cutover, you will need to do your due diligence to prevent outages.</P> <P>&nbsp;</P> <P>Cluster 1 will not be impacted if you do not make any changes to the device group or templates.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Tom</P> Mon, 24 Apr 2023 09:17:04 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/firewall-cloning-for-dr/m-p/539877#M1173 TomYoung 2023-04-24T09:17:04Z