Add production firewall to panorama

Reply
L3 Networker

Add production firewall to panorama

Hi All,

We are using PAN Firewalls on 9.1.5

We have 2 HA pairs both in production with around 100 policies on each and Global Protect on 1 pair.

 

We have purchased Panorama VM and want to add the firewalls to Panorama. 

Now I did find some previous articles on this but not sure whether there is a tried and tested way. And would that work for firewalls already in production? For example, this following article is from 2018 and not sure whether it is still accurate??

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloRCAS

 

Has anyone successfully added production firewalls into panorama without disruption?

Thanks!


Accepted Solutions
L6 Presenter

Hi @rjdahav163 ,

 

For integrating Palo Alto HA with Panorama, refer below article. It gives you all the steps to be followed for the integration. I have done it several times for my production firewalls without any disruption. Also before integration, make sure Panorama firmware is >= Gateway firmware.

 

https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/transition-a-firewal...

 

Hope it helps!

 

Mayur S.

View solution in original post


All Replies
L6 Presenter

Hi @rjdahav163 ,

 

For integrating Palo Alto HA with Panorama, refer below article. It gives you all the steps to be followed for the integration. I have done it several times for my production firewalls without any disruption. Also before integration, make sure Panorama firmware is >= Gateway firmware.

 

https://docs.paloaltonetworks.com/panorama/10-0/panorama-admin/manage-firewalls/transition-a-firewal...

 

Hope it helps!

 

Mayur S.

View solution in original post

L3 Networker

@SutareMayur 

Thanks a lot, that worked!

But I have a query. After following steps in the link you gave, it created template for each firewall. The steps do mention to add them in the same stack. But then can the template of the original passive firewall be deleted?

For example:

Template created while importing Active Firewall: T-Active

Template Stack created while importing Active Firewall: T-Stack-Active (which has template T-Active)

Template created while importing Passive Firewall: T-Passive

Template Stack created while importing Passive Firewall: T-Stack-Passive (which has template T-Passive)

Now, as per the steps, we add both firewalls in the same template stack. So now both the firewalls are in template stack: T-Stack-Active

 

Now basically, the template T-Passive is unused. So can this be safely deleted? 

 

Thanks and Best Regards,

R

L6 Presenter

Hi @rjdahav163 ,

 

Glad to know that panorama integration was successful.

 

Coming to your query, yes you can safely delete the unused template which was created for 2nd/passive firewall.

 

In the article also, it is mentioned under step 6.

Mayur S.
L3 Networker

@SutareMayur 

 

Thanks for the reply.

 

Under step 6, they said delete "template stack". So even if you delete the stack, the template created for passive firewall still remains. Hence my query.

 

But all good now. I deleted the template as well. All looks good. Thanks!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!