Active/Active Firewalls and Panorama Templates

L2 Linker

So I'm trying to keep firewall configuration as much in Panorama as possible. With Active/Passive I can accomplish this with one template per firewall pair.

 

With an active/active firewall pair will I need a template stack to do this? One template per firewall, then a template to cover both, in a template stack? Is there an easier way to do this, while still keeping configuration in Panorama?


Accepted Solutions
L4 Transporter

Re: Active/Active Firewalls and Panorama Templates

This one got me for a while back when I did it. You are correct. You need to create separate templates, i.e. templateA & templateB. Then create a stack for each as well, stackA & stackB. The top template of each stack will be the templates mentioned above (highest priority, top to bottom). Usually I only include things specific to each firewall in these (HA configs, Hostname, etc). Once this is done, I will create a template for the pair/site/global. It's really up to you how you want to organize this. One thing to remember that had me hung up: a stack does not mean a stack of firewalls (i.e. a switch stack). It only means a stack of templates to be applied to a firewall. Let me know if the below example helps.

 

Example:

 

templateA (contains template specific to firewallA, i.e. HA configs, hostname, etc)

templateB (contains template specific to firewallB, i.e. HA configs, hostname, etc)

templateSite (contains template specific to the site HA pair)

stackA (contains templateA + templateSite + any others) -> applied to FirewallA (in order top to bottom)

stackB (contains templateB + templateSite + any others) -> applied to FirewallB (in order top to bottom)

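A small model of the layout in the answer above, added here as an illustration (not code from the post or from Palo Alto Networks). It resolves each stack top to bottom, reports which template supplied each setting, and flags settings in a lower template that are overridden; the setting names and values are constructed and are not real Panorama paths.

```python
# Model of template-stack resolution as the answer describes it: templates are
# listed top to bottom and the topmost template that defines a setting wins.
# Template contents and setting names below are constructed sample values.

TEMPLATES = {
    "templateA": {"hostname": "fw-a", "ha.device-id": "0", "ha.peer-ip": "10.0.0.2"},
    "templateB": {"hostname": "fw-b", "ha.device-id": "1", "ha.peer-ip": "10.0.0.1"},
    "templateSite": {"ha.mode": "active-active", "dns.primary": "10.0.0.53",
                     "hostname": "site-default"},  # overlaps on purpose
}
STACKS = {  # order is top to bottom
    "stackA": ["templateA", "templateSite"],
    "stackB": ["templateB", "templateSite"],
}
PER_DEVICE = ("hostname", "ha.device-id", "ha.peer-ip")  # expected to differ

def resolve(stack):
    """Return {setting: (value, source_template)} for one stack."""
    effective = {}
    for name in STACKS[stack]:                        # walk top to bottom
        for key, value in TEMPLATES[name].items():
            effective.setdefault(key, (value, name))  # first (topmost) wins
    return effective

def shadowed(stack):
    """List (setting, losing_template, winning_template) overlaps in a stack."""
    winners, out = resolve(stack), []
    for name in STACKS[stack]:
        for key in TEMPLATES[name]:
            if winners[key][1] != name:
                out.append((key, name, winners[key][1]))
    return out

def pair_drift(stack_x, stack_y):
    """Settings that differ between the two peers but are not per-device."""
    x, y = resolve(stack_x), resolve(stack_y)
    return sorted(k for k in x.keys() | y.keys()
                  if not k.startswith(PER_DEVICE)
                  and x.get(k, (None,))[0] != y.get(k, (None,))[0])

if __name__ == "__main__":
    for s in STACKS:
        print(s, {k: v[0] for k, v in resolve(s).items()}, "shadowed:", shadowed(s))
    print("unexpected drift:", pair_drift("stackA", "stackB"))
```

A non-empty `pair_drift` result means a shared setting ended up in a per-firewall template, which is the usual way the two peers of a pair fall out of sync.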