Is there any way to import the configuration of brownfield firewall into SCM (simlar to Panorama)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there any way to import the configuration of brownfield firewall into SCM (simlar to Panorama)

L1 Bithead

We have many brownifeld firewall in production live network. Customer purchased AIOPs license and wanted to manage all the brownfield firewall from Strata Cloud Manager (SCM).

 

Is it possible to import the existing firewall configurations into SCM and manage it further?

 

Requesting everyone to provide an immediate answer for this scenario.

5 REPLIES 5

L0 Member

@KumaraDev wrote:

We have many brownifeld firewall in production live network. Customer purchased AIOPs license and wanted to manage all the brownfield firewall from Strata Cloud Manager (SCM).

 

Is it possible to import the existing firewall configurations into SCM and manage it further?

 

Requesting everyone to provide an immediate answer for this scenario.


Hello, @KumaraDev 

To manage existing brownfield firewalls from Strata Cloud Manager (SCM), follow these steps:

Resource Configuration:
Create an OTDS Resource representing your existing firewall (e.g., PAN-OS firewall).
Configure the resource with the necessary access roles and permissions.
OAuth 2.0 Scopes:
Define appropriate OAuth 2.0 scopes for your firewall resource.
These scopes control the level of access granted to SCM.
Import Configuration:
Pull the existing firewall configuration using its XMLAPI.
Migrate the configuration into Strata Cloud Manager.
Testing and Validation:
Verify that the imported configuration works as expected within SCM.
Test various features and rules to ensure proper management.

 

 

I hope this info is helpful to you.

 

Best Regard,
Gregory Chavez

Hi @gregory109,

Thank you for your response. 

Since we are new to SCM platform, could you please guide me how to create an OTDS resource in SCM. 

Please share if there is any documents for creating OTDS resource. 

 

Regards,

KumaraDev

L0 Member

Hi @KumaraDev 

I'm looking into doing the same thing as you are, though likely with fewer firewalls.  Did you end up figuring out the OTDS resource?  My SE indicated there is a Github repo with a Python script for moving the Panorama config into SCM but I have a blend of FWs in and out of Pano, I'd like to avoid putting them all into Pano just to put them all into SCM.

 

Regards

I.Fritchy

L1 Bithead

Hi @I.Fritchy ,

As discussed with SCM product team, as of now only greenfield firewall can be onboarded and only manual configuration is possible in SCM console. They are working on including a feature to onboard brownfield firewalls into SCM and this feature will be updated into SCM in couple of months (tentatively).

 

If you get a chance, please try to reach Palo Alto SCM product team and get the latest udpate based your requirement. 

 

I have already proposed the Product team to update SCM with all the features similar to Panorama. In that case, we can onboard greenfield and brownfield firewall into SCM which saves lot of implementation time and workload. 

 

Regards,

KumaraDev

Hello Kumara,

any news about "import existing firewall configuration" feature in SCM?

I heard that i will come with the latest November update. I asked our local SE to upgrade our environment but still cannot find any "import config" setting.

Kind regards.

Fabian

  • 1414 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!