How to Replace a Managed Firewall with a New Firewall on Panorama from the CLI

How to Replace a Managed Firewall with a New Firewall on Panorama from the CLI

120672
Created On 09/25/18 20:39 PM - Last Modified 02/01/24 09:48 AM


Symptom


To replace a managed firewall with a newly received (same model) firewall.
 

Environment


  • Panorama managed Palo Alto Networks Firewall.
  • PAN-OS 8.1 or above
  • Replacement of same model Firewall on Panorama.

Resolution


Do not try to add the replacement unit under managed devices. Instead perform the following steps from the Panorama CLI.

  1. On the Panorama, Enter the following command:
> replace device old <old SN#> new <new SN#>
  1. Go into configuration mode and commit the changes.
> configure
# commit
# exit
  1. On the managed firewall, configure the Panorama IP address under GUI: Device > Setup > Management > Panorama Settings
  2. Commit the changes on the Firewall.


Note: The device will be in a connected state on Panorama once the new firewall is configured with the Panorama IP address .

 

 

Additional Information


These instructions are applicable for the replacement of the same model firewall on Panorama configuration only. In case the new firewall is of a different model, it is recommended to onboard Panorama management using the standard process stated in the following document
https://docs.paloaltonetworks.com/panorama/11-0/panorama-admin/manage-firewalls/add-a-firewall-as-a-managed-device
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CljGCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language