- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-19-2020 10:45 PM
A pair of firewall managed by Panorama.
I only use the device group in Panorama.
If I add a new vsys ( i.e. vsys2 ) in firewall , Panorama will show the new vsys ?
08-20-2020 05:50 AM
First, only thing that you should look is, Is your gateway supports multi vsys ? Multi vsys are supported on 3200 series and on wards models. You need license to enable multi vsys on 3200 series models.
And Yes if you add new vsys on the Panorama and push configuration on the gateway, new vsys will be visible on the Panorama under desired template where you have created the vsys as well as on the gateways. Once vsys is created, you can take required interface under new vsys and also have separate DG. Now you didn't mention anything about templates. How are you managing the templates?
08-20-2020 08:18 PM
Thanks for your reply.
i do not use the template from panorama to create the vsys. is it possible ?
my template only have some sylog server setting and authentication setting.
For network part( like interface , routing ,.. ) , i will configure on the firewall ( not panorama ) .
For panorama, i use the device group to deploy the security policy ,NAT, object,...)
when i add new vsys on firewall ( not panorama ), how Panorama work for this newly created vsys ?
05-22-2023 03:34 PM - edited 05-26-2023 09:11 AM
Hi @Martin_Chung ,
You cannot create a new vsys from Panorama. It needs to be created on the NGFW. Edit: I got this from an old document! You can create a vsys on Panorama! https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLsWCAW
Template settings have a vsys option.
The vsys should show up as a separate device for device groups. I am not sure if it will populate automatically in the list when you create it. That allows you to push a separate set of rules to the new vsys.
Please create the new vsys locally and let me know if you can see it in the list of devices under Panorama > Device Groups.
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!