This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Panorama and firewall configuration synchronization

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Panorama and firewall configuration synchronization

mkopcic
L2 Linker

‎03-26-2019 06:39 AM

Hi!

 

Does anybody know, if Network or Device configuration is changed localy on the firewall, will that change will be seen in Panorama automatically? Will firewall synchronize localy config changes with Panorama?

For example. If I add new static route on the firewall (firewall is managed with Panorama), will that route will be synchronized with Panorama?

 

Thank you and best regards,

Maja

1 person had this problem.
0 Likes Likes
4 REPLIES 4

jeremy.larsen
L4 Transporter

‎03-26-2019 07:30 AM

Why are you making changes on the firewall directly if you have Panorama (templates/stacks)?  I don't think this kind of "reverse" sync is possible.

0 Likes Likes

Remo
L7 Applicator
In response to jeremy.larsen

‎03-26-2019 08:14 AM

Hi @mkopcic 

 

This is only a one-way sync from panorama to the firewall. So no adding a route locally on the firewall will not show up in the panorama config.

jeremy.larsen
L4 Transporter
In response to Remo

‎03-26-2019 08:34 AM - edited ‎03-26-2019 02:28 PM

Personally, if I'm using Panorama I never modify the firewalls directly (unless it's an emergency).  Below is a little script I use on a fresh factory default firewall (jumbo frames optional).  Everything after this point is done via Panorama.

 

configure
delete rulebase security rules rule1
delete zone trust
delete zone untrust
delete network virtual-wire default-vwire
delete network interface ethernet ethernet1/1
delete network interface ethernet ethernet1/2
delete network virtual-router default
set deviceconfig system ip-address <ip-address> netmask <netmask> default-gateway <gateway-ip>
set deviceconfig system panorama-server <panorama-ip>
commit
exit


set system setting jumbo-frame on
y

 

request restart system
y

Remo
L7 Applicator
In response to jeremy.larsen

‎03-26-2019 10:16 AM

@jeremy.larsen wrote:

configure
delete rulebase security rules rule1
delete zone trust
delete zone untrust
delete network virtual-wire default-vwire
delete network interface ethernet ethernet1/1
delete network interface ethernet ethernet1/2
delete network virtual-router default

Since I started working with PaloAlto Firewalls this has been the first thing to do after unboxing 😉

  • 8066 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks