06-28-2024 01:53 PM
We have many brownifeld firewall in production live network. Customer purchased AIOPs license and wanted to manage all the brownfield firewall from Strata Cloud Manager (SCM).
Is it possible to import the existing firewall configurations into SCM and manage it further?
Requesting everyone to provide an immediate answer for this scenario.
06-28-2024 09:43 PM
@KumaraDev wrote:
We have many brownifeld firewall in production live network. Customer purchased AIOPs license and wanted to manage all the brownfield firewall from Strata Cloud Manager (SCM).
Is it possible to import the existing firewall configurations into SCM and manage it further?
Requesting everyone to provide an immediate answer for this scenario.
Hello, @KumaraDev
To manage existing brownfield firewalls from Strata Cloud Manager (SCM), follow these steps:
Resource Configuration:
Create an OTDS Resource representing your existing firewall (e.g., PAN-OS firewall).
Configure the resource with the necessary access roles and permissions.
OAuth 2.0 Scopes:
Define appropriate OAuth 2.0 scopes for your firewall resource.
These scopes control the level of access granted to SCM.
Import Configuration:
Pull the existing firewall configuration using its XMLAPI.
Migrate the configuration into Strata Cloud Manager.
Testing and Validation:
Verify that the imported configuration works as expected within SCM.
Test various features and rules to ensure proper management.
I hope this info is helpful to you.
Best Regard,
Gregory Chavez
06-29-2024 11:27 AM
Hi @gregory109,
Thank you for your response.
Since we are new to SCM platform, could you please guide me how to create an OTDS resource in SCM.
Please share if there is any documents for creating OTDS resource.
Regards,
KumaraDev
10-23-2024 12:55 PM
Hi @KumaraDev
I'm looking into doing the same thing as you are, though likely with fewer firewalls. Did you end up figuring out the OTDS resource? My SE indicated there is a Github repo with a Python script for moving the Panorama config into SCM but I have a blend of FWs in and out of Pano, I'd like to avoid putting them all into Pano just to put them all into SCM.
Regards
I.Fritchy
10-25-2024 12:53 AM
Hi @I.Fritchy ,
As discussed with SCM product team, as of now only greenfield firewall can be onboarded and only manual configuration is possible in SCM console. They are working on including a feature to onboard brownfield firewalls into SCM and this feature will be updated into SCM in couple of months (tentatively).
If you get a chance, please try to reach Palo Alto SCM product team and get the latest udpate based your requirement.
I have already proposed the Product team to update SCM with all the features similar to Panorama. In that case, we can onboard greenfield and brownfield firewall into SCM which saves lot of implementation time and workload.
Regards,
KumaraDev
11-21-2024 08:24 AM
Hello Kumara,
any news about "import existing firewall configuration" feature in SCM?
I heard that i will come with the latest November update. I asked our local SE to upgrade our environment but still cannot find any "import config" setting.
Kind regards.
Fabian
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
