Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience.
01-03-2021 05:02 PM
Hi All,
We are using PAN Firewalls on 9.1.5
We have 2 HA pairs both in production with around 100 policies on each and Global Protect on 1 pair.
We have purchased Panorama VM and want to add the firewalls to Panorama.
Now I did find some previous articles on this but not sure whether there is a tried and tested way. And would that work for firewalls already in production? For example, this following article is from 2018 and not sure whether it is still accurate??
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloRCAS
Has anyone successfully added production firewalls into panorama without disruption?
Thanks!
01-03-2021 09:58 PM
Hi @rjdahav163 ,
For integrating Palo Alto HA with Panorama, refer below article. It gives you all the steps to be followed for the integration. I have done it several times for my production firewalls without any disruption. Also before integration, make sure Panorama firmware is >= Gateway firmware.
Hope it helps!
01-03-2021 09:58 PM
Hi @rjdahav163 ,
For integrating Palo Alto HA with Panorama, refer below article. It gives you all the steps to be followed for the integration. I have done it several times for my production firewalls without any disruption. Also before integration, make sure Panorama firmware is >= Gateway firmware.
Hope it helps!
01-05-2021 02:45 PM
Thanks a lot, that worked!
But I have a query. After following steps in the link you gave, it created template for each firewall. The steps do mention to add them in the same stack. But then can the template of the original passive firewall be deleted?
For example:
Template created while importing Active Firewall: T-Active
Template Stack created while importing Active Firewall: T-Stack-Active (which has template T-Active)
Template created while importing Passive Firewall: T-Passive
Template Stack created while importing Passive Firewall: T-Stack-Passive (which has template T-Passive)
Now, as per the steps, we add both firewalls in the same template stack. So now both the firewalls are in template stack: T-Stack-Active
Now basically, the template T-Passive is unused. So can this be safely deleted?
Thanks and Best Regards,
R
01-05-2021 07:56 PM
Hi @rjdahav163 ,
Glad to know that panorama integration was successful.
Coming to your query, yes you can safely delete the unused template which was created for 2nd/passive firewall.
In the article also, it is mentioned under step 6.
01-06-2021 04:36 PM
Thanks for the reply.
Under step 6, they said delete "template stack". So even if you delete the stack, the template created for passive firewall still remains. Hence my query.
But all good now. I deleted the template as well. All looks good. Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
