Wondering if anyone has come across this issue. We recently had to RMA one of our firewalls and we have a fairly extensive / complicated policy set in Panorama which consists of the following:
Shared Pre Rules targeted to specific firewalls
Device Group Pre rules targeted to specific firewalls
Device Group Post rules targeted to specific firewalls
Shared Post Rules targeted to specific firewalls
This being said, it presented a major headache in doing the RMA because the firewall that was removed and consequently replaced had to be manually removed from the rules - one by one - and then the new one added in the same process. This RMA took approximately 3 hours to complete which seems really excessive.
So, I am wondering if anyone has come up with a way via CLI or other to handle this replacement in an "automated" fashion? It behooves me that PA doesn't have native support for this type of thing.
There is a CLI command in Panorama called: "replace" that will achieve your goal. This was introduced in Panorama 5.1.
replace device old <value> new <value>
I am surprised that the TAC Engineer that we were working with did not inform us of this...I even asked specifically.
I'm surprised too. The procedure for RMA replacement is long and reasonably complicated. But it is very well documented. See pages 176 and following in the Panorama admin guide. I've had to do this a few times over the years.
The replace portion is specifically on page 179.
Tasks on the Panorama CLI
You cannot perform these tasks on the Panorama web interface.
Replace the serial number of the old device with that of the new replacement device on Panorama.
By replacing the serial number on Panorama you allow the new device to connect to Panorama after you restore the configuration on the device.
1. Enter the following command in operational mode: replace device old <old SN#> new <new
2. Go in to configuration mode and commit your changes.
3. Exit configuration mode. exit
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!