manage standalone or in panorama


I heard it's best to manage the firewalls in Panorama. I have imported the primary and secondary firewalls into Panorama. I had 1 security rule that I added directly into the firewall (not via Panorama). Any ideas why I can't see this rule from Panorama? Just trying to understand this before I start adding rules and updating the firewalls.

thanks for any help

Sue

8 REPLIES 8

L3 Networker

Hi Sue,

Rules should be created on Panorama and pushed to the managed devices.  Rules do not get pushed to Panorama from the managed devices.

Regards,

Oliver

L4 Transporter

Just to add to Oliver's update: if there is a policy on the device, Panorama will not know about that policy, as there is no reverse syncing of policy from the device back to Panorama. Please create policies on Panorama and then push them to the device from Panorama. Hope this helps.

Thanks

ok thanks

So let's say I have a standalone PA500 that's working and in production, and then we decide to buy a Panorama server. Is there a way to get the configured box into Panorama?

Sue

if there is a way to import a production PA firewall config into Panorama, can someone please post the steps needed to do this?

thanks

Sue

Hi Sue,

Please use the link below which provides you the steps to import config from PA firewall into Panorama.

https://live.paloaltonetworks.com/docs/DOC-1742

Hope this helps.

Thanks.

thanks for your information

Sue

Sue,

One other thing that I will mention when you migrate your objects and rulebases over to Panorama.  Remember to delete your objects and object groups from the main firewalls before pushing the policies from Panorama to them.  The reason for this is that you will have failures pushing the policies because Panorama will attempt to push a duplicate object name to the firewall where it already exists.

It was a little annoying at first, but I soon discovered that it can be quite handy to use Panorama as the central repository for all of your objects and object groups.  Where this gets handy is that if you need to create local policies on the firewall, you can use those shared objects for your local rules.  In our environment we have several PA firewalls and in most cases the objects used on them are going to be similar.  I can create the objects on Panorama and push the updated configuration to all of the firewalls.

One other thing to add.  If you want to use Panorama to collect the logs for your firewalls you will have to implicitly specify that the rules be sent to Panorama.  Initially I assumed that if I created the rules in Panorama that the logs would get sent to Panorama, but that isn't the case.

Hope this helps.
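The duplicate-name push failure described in the post above can be checked for before pushing. This is an added example, not part of the thread and not Palo Alto Networks code: it compares two exported XML configurations and lists object names defined on both sides. The container element names, the constructed sample XML and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Object containers to compare. Element names are assumed to match the exported
# XML; rule fields with the same tag hold <member> children and are skipped.
OBJECT_KINDS = ("address", "address-group", "service", "service-group")

# Constructed sample exports (trimmed), not taken from a real device.
FIREWALL_XML = """<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <address>
    <entry name="web-srv"><ip-netmask>10.1.1.10/32</ip-netmask></entry>
    <entry name="local-only"><ip-netmask>10.9.9.9/32</ip-netmask></entry>
  </address>
  <address-group><entry name="dmz-hosts"><static><member>web-srv</member></static></entry></address-group>
</entry></vsys></entry></devices></config>"""

PANORAMA_XML = """<config><shared>
  <address>
    <entry name="web-srv"><ip-netmask>10.1.1.10/32</ip-netmask></entry>
    <entry name="mail-srv"><ip-netmask>10.1.1.25/32</ip-netmask></entry>
  </address>
  <address-group><entry name="dmz-hosts"><static><member>web-srv</member><member>mail-srv</member></static></entry></address-group>
</shared></config>"""

def object_defs(xml_text):
    """Map each object kind to {object name: canonical XML of its definition}."""
    root = ET.fromstring(xml_text)
    found = {kind: {} for kind in OBJECT_KINDS}
    for kind in OBJECT_KINDS:
        for container in root.iter(kind):
            for entry in container.findall("entry"):
                raw = ET.tostring(entry, encoding="unicode")
                found[kind][entry.get("name")] = ET.canonicalize(raw, strip_text=True)
    return found

def collisions(firewall_xml, panorama_xml):
    """Return (kind, name, same_definition) for each name defined on both sides."""
    fw, pano = object_defs(firewall_xml), object_defs(panorama_xml)
    result = []
    for kind in OBJECT_KINDS:
        for name in sorted(fw[kind].keys() & pano[kind].keys()):
            result.append((kind, name, fw[kind][name] == pano[kind][name]))
    return result

if __name__ == "__main__":
    for kind, name, same in collisions(FIREWALL_XML, PANORAMA_XML):
        note = "identical definition" if same else "definitions differ, review first"
        print(f"{kind:14} {name:12} {note}")
```

Names reported with differing definitions are the ones to review by hand before removing the local copy, since the pushed object would change what existing local rules match.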

thanks for all the information

I have got the 2 2020's configured and in sync so now I will import to Panorama

appreciate all the info

Sue
