We need to add an extra IP Range to route out one of the existing sub interfaces on the Palo Alto firewall.
The change has been committed and pushed in Panorama but is not showing on the firewall.
Both using version 8.1.3
Firewall network interface:
Panorama network interface with the change circle in red:
How do we push this change to the firewall or do we have to replicate the change on the firewalls?
Any documentation on this?
Thanks in advance!
Solved! Go to Solution.
I would check that it committed successfully. I remember when I first started using panorama I thought since I did not get an error that it committed and pushed correctly even though if you go in and check it my have failed for some reason.
The green/yellow gear symbols behind the interface on your firewall screenshot indicates that you have an override active on the firewall. This means that the interface is configured locally and overwrites the config pushed from panorama.
You can disable the override on the firewall itself - there is an option to revert in the task line below the interfaces.
Furthermore you can force template values from panorama - but this will affect all overrides!
In both cases be very careful and check that the template configuration on panorama matches the local configuration of ther firewall - or you will run into trouble!
when you say
force template values from panorama - but this will affect all overrides!
does you mean this will override any local config on firewall to new values pushed from the panorama?
yes this is the case, any part of local configuration that also exists in the panorama template will be overwritten.
Local configuration parts that do not exist in the template will remain unchanged, they do not get deleted.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!