Hi,
As far as I know this use case involves some manual steps to get it right and cannot be done with a simplr (almost) one click solution like the one you references. I would recommend the following steps:
1. Import the active FW to panorama
2. Clone this template or maybe just create a new one for the device specific setting of the active FW (e.g. mgmt ip,...)
3. Repeat step 2 for the settings of the passive clustermember
4. Create two Template stacks (one for each clustermember) and add the template whitch was created when you imported the active FW to both of the template stacks
5. Add the device specific templates also to their corresponding template stacks
6. If not done already add the serialnumber of the passive FW to panorama
7. Assign the firewalls (serialnumbers) to the created template stacks and also make sure you added both devices to the devicegroup which was created while importing the active firewall
8. Check again your settings in the templates and the device group if everything is correct
9. Commit (without forcing template values)
A) on the active device there should be now problem with the commit because aöl the local configuration is now exactly as it was also in panorama
B) on the passive firewal, acivate the checkbox "Merge with candidate config" when you commit
10. If the commit succeeded, check locally on the firewalls to make sure that the template values are present, but not yet active
11. If everything looks good, do another commit from panorama, this time with the option "Force template values"
Actually these are the steps which I was thinking about. I have not done this yet but I have to migrate a few clusters to panorama in the next two weeks. So if anyone has other tipps or a better solution I would also appreciate it.
Regards,
Remo
PS: The HA Configuration has to stay locally because of some panorama referencing problems (panorama cannot set the HA IP addresses but without them it is not possible to commit the ha configuration to the firewalls)
