11-21-2018 05:25 PM - edited 11-21-2018 05:30 PM
Hi all,
I upgraded from an 8.0 release to 8.1.3 to prepare for a migration to some new hardware. I did a commit after the upgrade to make sure everything was synced up between Panorama and the firewalls and I believe everything went ok.
I was making some adjustments at the recommendation of the Best Practices analyzer in Expedition and noticed it failed to commit due to something in a Template Stack. This confused me a bit since I gave up on Template Stacks over a year ago when I first tried them due to not being able to reference values in a template lower in the stack (common values but they had to be referenced in non-common config areas).
I looked again tonight and it appears Panorama created two "_mig" template-stack configs, migrated from each of my two device configs, and moved the devices over to use those.
Was this expected behavoir that I missed in the notes somewhere? If so, is there any issues with moving each firewall back to its original device config and deleting the migrated template-stacks or should we be using template-stacks moving forward?
Thanks!
*edit* Looking at this a little further, it appears the new template-stacks it created are actually each referencing their corresponding original template files. The Commit and Push failed due to a missing "device-id" in the HA configuration.
11-22-2018 11:48 AM
This is because of a change in the default behaviour on Panorama with PAN-OS 8.1. Firewalls can o longer be attached to a template, they must be attached to a template stack (even if you don't add any temolates to the stack). Because of that panorama creates template stacks automatically when you upgrade to 8.1 for all firewalls that aren't added to a template stack yet.
11-21-2018 06:06 PM
i also saw same behaviour once i upgrade Panormama from 8.0.9 to 8.1
waiting for answer
11-22-2018 11:48 AM
This is because of a change in the default behaviour on Panorama with PAN-OS 8.1. Firewalls can o longer be attached to a template, they must be attached to a template stack (even if you don't add any temolates to the stack). Because of that panorama creates template stacks automatically when you upgrade to 8.1 for all firewalls that aren't added to a template stack yet.
11-22-2018 01:21 PM
Many Thanks for reply
11-22-2018 06:18 PM
@Remo any idea why it would be missing data after migrating to a stack? It seems like if that information was required it would have been in the original template or else I wouldn't have been able to commit.
11-23-2018 09:10 AM
Right now my only idea is a bug - so during the migration this little part got lost...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
