Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
03-27-2019 03:06 PM
So I'm trying to keep firewall configuration as much in Panorama as possible. With Active/Passive I can accomplish this with one template per firewall pair.
With an active/active firewall pair will I need a template stack to do this? One template per firewall, then a template to cover both, in a template stack? Is there an easier way to do this, while still keeping configuration in Panorama?
03-28-2019 06:33 AM
This one got me for awhile back when I did it. You are correct. You need to create separate templates ie - templateA & templateB. Then create a stack for each as well - stackA & stackB. The top template of each stack will be the templates mentioned above (highest priority, top to bottom). Usually I only include things specific the each firewall in these (HA configs, Hostname, etc). Once this is done, I will create a template for the pair/site/global. It's really up to you how you want to organze this. One thing to remember that had me hung up. A stack does not mean a stack of firewalls (ie - switch stack). It only means a stack of templates to be applied to a firewall. Let me know if the below example helps.
Example:
templateA (contains template specific to firewallA, ie - HA configs, hostname, etc)
templateB (contains template specific to firewallB, ie - HA configs, hostname, etc)
templateSite (contains template specific to the site HA pair)
stackA (contains templateA + templateSite + anything others) -> applied to FirewallA (in order top to bottom)
stackB (contains templateB + templateSite + anything others) -> applied to FirewallB (in order top to bottom)
03-28-2019 06:33 AM
This one got me for awhile back when I did it. You are correct. You need to create separate templates ie - templateA & templateB. Then create a stack for each as well - stackA & stackB. The top template of each stack will be the templates mentioned above (highest priority, top to bottom). Usually I only include things specific the each firewall in these (HA configs, Hostname, etc). Once this is done, I will create a template for the pair/site/global. It's really up to you how you want to organze this. One thing to remember that had me hung up. A stack does not mean a stack of firewalls (ie - switch stack). It only means a stack of templates to be applied to a firewall. Let me know if the below example helps.
Example:
templateA (contains template specific to firewallA, ie - HA configs, hostname, etc)
templateB (contains template specific to firewallB, ie - HA configs, hostname, etc)
templateSite (contains template specific to the site HA pair)
stackA (contains templateA + templateSite + anything others) -> applied to FirewallA (in order top to bottom)
stackB (contains templateB + templateSite + anything others) -> applied to FirewallB (in order top to bottom)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
