07-17-2011 09:53 PM
I heard its best to manage the firewalls in Panorama. I have imported the primary and secondary firewalls into Panorama.....i had 1 security rule that i added directly into the firewall (not via Panorama) - any ideas why i cant see this rule from Panorama? just trying to understand this before i start adding rules and updating the firewalls
thanks for any help
Sue
07-19-2011 07:26 AM
Hi Sue,
Please use the link below which provides you the steps to import config from PA firewall into Panorama.
https://live.paloaltonetworks.com/docs/DOC-1742
Hope this helps.
Thanks.
07-18-2011 10:01 AM
Hi Sue,
Rules should be created on Panorama and pushed to the managed devices. Rules to not get pushed to Panorama from the managed devices.
Regards,
Oliver
07-18-2011 10:23 AM
Just to add to Oliver's update. If there is a policy on the device panorama will not know about that policy as there is no reverse syncing of policy from device back to panorama. Please create policies on panorama and then push it to the device from panorama. Hope this helps.
Thanks
07-18-2011 06:10 PM
ok thanks
so lets say I have a standalone PA500 thats working and in production and then we decide to buy a panorama server - is there a way to get the configured box into Panorama?
Sue
07-19-2011 07:21 AM
if there is a way to import a production PA firewall config into Panorama, can someone please post the steps needed to do this?
thanks
Sue
07-19-2011 07:26 AM
Hi Sue,
Please use the link below which provides you the steps to import config from PA firewall into Panorama.
https://live.paloaltonetworks.com/docs/DOC-1742
Hope this helps.
Thanks.
07-19-2011 07:48 AM
thanks for your information
Sue
07-24-2011 08:28 PM
Sue,
One other thing that I will mention when you migrate your objects and rulebases over to Panorama. Remember to delete your objects and object groups from the main firewalls before pushing the policies from Panorama to them. The reason for this is that you will have failures pushing the policies because Panorama will attempt to push a duplicate object name to the firewall where it already exists.
It was a little annoying at first, but I soon discovered that it can be quite handy to use Panorama as the central repository for all of your objects and object groups. Where this gets handy is that if you need to create local policies on the firewall, you can use those shared objects for your local rules. In our environment we have several PA firewalls and in most cases the objects used on them are going to be similar. I can create the objects on Panorama and push the updated configuration to all of the firewalls.
One other thing to add. If you want to use Panorama to collect the logs for your firewalls you will have to implicitly specify that the rules be sent to Panorama. Inititally I assumed that if I created the rules in Panorama that the logs would get sent to Panorama, but that isn't the case.
Hope this helps.
07-25-2011 04:12 AM
thanks for all the information
I have got the 2 2020's configured and in sync so now I will import to panorama
appreciate all the info
Sue
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
