Recently, we added more PA devices to our infrastructure and we decided to start using Panorma to manage all these devices.
So far, we haven't experienced an improvement in efficiency or user/admin friendliness.
Let me (try to) explain:
We have two firewalls who are configured as an active/active setup. (No panorma yet).
These firewalls had to use different virtual router configuration so that part could not be synced.
Whenever we needed to add policies, we could perform this on one node and let commit do the replication as well.
Now, with Panorma added, things apparantly have changed but, the way I see it, not necessarily for the better.
Changes now need to happen at the Panorama (makes sense), but because of earlier mentioned virtual router situation these firewalls cannot be added together in a device group or so I'm told.
And this means whenever a (policy) change needs to be implemented it needs to be done seperately on both firewalls through seperate push and commits?
Please help me understand this better, or explain what can be improved in this situation. To configure Panorama to help us more instead of creating more work.
You want to look into using template stacks
This allows for 2 or more firewalls to have certain shared and certain not-shared config bits to still happily coexist in a single device group
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!