- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
09-12-2017 02:43 PM
HI
Sort of asked this before, but with a couple more months of experienace, I am back again
So I have a cluster I want to manage with panorama
Object and polices work great... templates not so good.
So I have a cluster setup for Global protect, but I have to duplicate my certificates, interfaces and zones between 2 templates. because things are linked to a router and I have 2 different routers with unique routerids and I have some unquiue stuff as well, the HA ip address, the management port << this includes a management port certifcate which comes from panorama.
so I am thinking I am going to move all the unique stuff into management from within the PA directly remove panorama completely. then I have 1 template that address all the needs and I will only need to comfigure stuff once and not twice .
and I am thinking of moving away from unique names for my routers go back to using default, so when i create agg ports or other interfaces I can just assigne to default.
I find this a very big short coming of the template system for panorama. atleast if when you used the interface it looked at the stack for references to things I it would make it easier ....
09-14-2017 04:50 AM
Hi,
Just take in consideration taht Panora ma aim is to simplify config deployment between "large" number of PA.
In your case, you have only one cluster. between cluster member, confif is replicated automatically.
Then, my opinion, if you have only on cluster, integrate them in the Panorama and for management, change of context.
In parallele, your panaorma allow you to consolidate all your logs.
The best is the ennemy of the good.
Rgds
V.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!