How to Replace a Managed Device with a New Device on Panorama from the CLI

Printer Friendly Page


Older managed device can be replaced with new device by using a CLI command.

Important: Do not add the replacement unit under managed devices.



Perform the following steps from the Panorama CLI.

  1. Enter the following command:
    > replace device old <old SN#> new <new SN#>
  2. Go into configuration mode and commit the changes.
    > configure
    # commit


On the managed firewall, configure the Panorama IP address (Device > Setup > Management > Panorama Settings) and commit the changes.

Note: The device will be in a connected state on Panorama once the new firewall is configured with the Panorama IP address .


owner: tindla

Tags (5)

Is it expected that you still need to replace the serial number in policy targets?



It's important to read the final NOTE in the article above. The result of this task is a new device group that is a copy of the orginal and contains all of the devices that were formerly in the original device group. Note only do the devices move from the original DG to the copy, but all policies with rules that have targets are also in the copy.


Therefore, it is not necessary to edit rules in the COPY to once again specify the targets for each rule, as necessary.


The final step may be to rename the original DG so that the COPY can be renamed back to the original name