Device Config Import into Panorama removes all the objects


L4 Transporter

We have firewalls in HA and are multi-vsys. I am trying to get them into Panorama, but as I import the config it removes almost all objects and Panorama device groups only show shared objects. Any object that was local to a vsys does not show, and they are gone completely from the firewall. Also, for the same reason, a push from Panorama or a local commit fails, as objects are missing that are being pointed to by the firewall.

3 REPLIES

L7 Applicator

Try it this way:

  1. Import the configuration to Panorama and check the checkbox for creating shared objects in the Panorama shared context.
  2. If you need to change something in the config, do it now and then do a Panorama commit.
  3. Export the device state to the firewall. Only export, not export and commit.
  4. Connect to the firewall, go into config mode and enter the command "load device-state". Still no commit.
  5. Push the configuration from Panorama to the firewall and check the checkboxes for include template values and merge with candidate config.

At least I migrated successfully more than 6 clusters this way (Panorama was on PAN-OS 8)

Can you elaborate on how to do step 3? Do you mean exporting the config locally?

We are on 7.1.9. Also, would the 1st step import all the objects in individual vsys into Panorama?

 

Export the device state to the firewall. Only export, not export and commit.

Had to check shortly if step 3 already is possible with PAN-OS 7.1.

But according to the admin guide, step 3 can be done (as with PAN-OS 8) here:

Panorama > Setup > Operations and click Export or push device config bundle

 

There (if you go the same way as I described) you have to choose the device and then "push" the device state. (Export was a little bit of the wrong word to describe what I meant.)
