Network Interface not pushed from Panorama

L3 Networker

Network Interface not pushed from Panorama

Hello,

 

We need to add an extra IP Range to route out one of the existing sub interfaces on the Palo Alto firewall.

The change has been committed and pushed in Panorama but is not showing on the firewall.

Both using version 8.1.3

 

Firewall network interface:

 

FW network interface.jpg

 

Panorama network interface with the change circle in red:

Panorama network interface.jpg

 

 

How do we push this change to the firewall or do we have to replicate the change on the firewalls?

Any documentation on this?

 

Thanks in advance!

L7 Applicator

Re: Network Interface not pushed from Panorama

@FarzanaMustafa,

If the commit and push had finished completely are you positive you made the change to the right template? 

L2 Linker

Re: Network Interface not pushed from Panorama

I would check that it committed successfully. I remember when I first started using panorama I thought since I did not get an error that it committed and pushed correctly even though if you go in and check it my have failed for some reason. 

 

L2 Linker

Re: Network Interface not pushed from Panorama

The green/yellow gear symbols behind the interface on your firewall screenshot indicates that you have an override active on the firewall. This means that the interface is configured locally and overwrites the config pushed from panorama.

 

You can disable the override on the firewall itself - there is an option to revert in the task line below the interfaces.

 

Furthermore you can force template values from panorama - but this will affect all overrides! 

 

In both cases be very careful and check that the template configuration on panorama matches the local configuration of ther firewall - or you will run into trouble!

 

L4 Transporter

Re: Network Interface not pushed from Panorama

when you say  

force template values from panorama - but this will affect all overrides! 

 

does you mean this will override any local config on firewall to new values pushed from the panorama?

L2 Linker

Re: Network Interface not pushed from Panorama

yes this is the case, any part of local configuration that also exists in the panorama template will be overwritten.

 

Local configuration parts that do not exist in the template will remain unchanged, they do not get deleted.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!