refer picture below , client plan to consolidate their existing 1gig link to 10 gig link
Information
1. Palo Alto is manage by Panorama
2. Palo Alto configure using default service route which is management IP 10.2.1.0/24
3. Client would like to consolidate the transit and Mgmt interface
4. Traffic from Panorama to Palo Alto management is via the transit interface at Palo Alto
Question
1. When perform consolidation, Panorama midst pushing configuration to Palo Alto and interface changed will this cause the connection between Panorama and Palo Alto break ? The configuration cant completely deploy will cause the connection interuptted
2. If will cause outages, what is the best solution to consolidate the interface ?
Good Day
If I understand your question correctly, you are concerned that if/when you change interfaces (to consolidate them) that this will break connectivity and perhaps get a failure. Allow me to explain that the Panorama will push the updated template information to the FW. You could ensure that the auto commit recovery parameters are changed, to allow for the push to be completed.
Let me give example. I did a project where a remote FW was only accessible via a site to site VPN. When we needed to change the key, it would disconnect the FW, break the VPN, and then the FW would auto commit recover.
I have unchecked this box before, disconnected my FW from Panorma due to the change and then established my VPN, and then activated the Enable automated commit recovery button.
I think this is what you need to do for your config as well.
