Importing and Managing Shared Gateway in Panorama

Reply
Highlighted
L1 Bithead

Importing and Managing Shared Gateway in Panorama

Does Panorama support managing shared-gateways?  I found one unanswered post on it, but I haven't found a conclusive statement on it in the official documentation. 

 

I recently tried to import a firewall into Panorama, but sg1 didn't seem to import with the rest of the vsys(s).


Accepted Solutions
Highlighted
L1 Bithead

Re: Importing and Managing Shared Gateway in Panorama

So - Panorama does NOT fully support Shared-Gateways.  You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.

 

There is a feature request already --- FR ID:4412

 

Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations.  These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work.   And yes, they were imported into shared.

 

Also ....  The shared-gateway NAT policy gets imported into the Panorama XML config.  It can even be found by Global Search.  Clicking on the names does nothing since there is no user interface to manage them.

 

 

 

View solution in original post


All Replies
Highlighted
L7 Applicator

Re: Importing and Managing Shared Gateway in Panorama

Panorama does support shared gateways. maybe there's an issue with importing SG's that TAC could take a look at and possibly fix

reaper - PANgurus.com
I drink and I know things
Highlighted

Re: Importing and Managing Shared Gateway in Panorama

Hello Brian,

 

Did you get any update from TAC, I appreciate your response.


Regards

Venky

Highlighted

Re: Importing and Managing Shared Gateway in Panorama

Hello Brian,

Did you get any update from TAC, I appreciate your response.

Regards

Venky

Highlighted
L1 Bithead

Re: Importing and Managing Shared Gateway in Panorama

I don't have enough information to share with TAC yet.  I will attempt to import the same firewall with shared-gateway again soon and collect a show tech and screenshots if it fails again (I did not do this before).

 

My current assumption is that I just missed something in the import process during the last attempt.

Highlighted
L1 Bithead

Re: Importing and Managing Shared Gateway in Panorama

So - Panorama does NOT fully support Shared-Gateways.  You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.

 

There is a feature request already --- FR ID:4412

 

Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations.  These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work.   And yes, they were imported into shared.

 

Also ....  The shared-gateway NAT policy gets imported into the Panorama XML config.  It can even be found by Global Search.  Clicking on the names does nothing since there is no user interface to manage them.

 

 

 

View solution in original post

Highlighted
L2 Linker

Re: Importing and Managing Shared Gateway in Panorama

Has there been any progress with this issue?  I'd like to include some NAT rules in a shared policy. But i cannot as each rule uses gateway specific IP addressing. And 'variables' cant be used in such rules.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!