I have one parent device group with 7 firewalls.
I have created 2 new device groups and i need to move 4 firewalls from the parent device group into these 2 new device groups.so each new device group will have 2 firewalls each.
right now issue is that when we push policy to 1 firewall it does out of syn for remaining.
As all these firewalls need separte policies as they are on different networks
how can i do this ?
i do not want to create outage.
Do you have all policies configured in panorama? If yes, then it is a lohical step that the remaining firewalls will be out of sync if you only commit to one of them. But out of sync is not really a problem. It only means what it says: panorama and firewall are out of sync, this will not generate an outtage in your network. With panorama you have the advantage that you can prepare everything as you need it and then push the changes to each firewall untill your device group move is done and every policy is where you need it.
for these firewalls they have polices on individual firewalls only.
Only policies that are pushed from panorama to these firewall are external dynamic policies and they are only 4 in number.
In this case you need to make sure that the devicegroups still contain all the objects that you have used locally. If the objects are in the parent device group anyway then there shouldn't be a problem. You simply need to push the config to all firewalls and they will be in sync again.
correct me if i am wrong I need to make sure if current device group has polices or objects pushed to firewalls then i should make sure those gets moved to the new device group right?
Local config on the firewall does not come in the picture right?
Right now you have one device group and you will change it to the following right?
- Parent device group (objects are configured here)
- child device group 1 (4 firewalls will be attached here)
- child device group 2 (3 firewalls will be attached here)
Right now i have Parent device group
xy 7 firewalls
will create two new device groups
test 1 2 firewalls
test 2 2 firewalls
xyz - parent 3 firewalls
test 1 2 firewalls
test 2 firewalls
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!