Panorama and firewall configuration synchronization

Reply
Highlighted
L2 Linker

Panorama and firewall configuration synchronization

Hi!

 

Does anybody know, if Network or Device configuration is changed localy on the firewall, will that change will be seen in Panorama automatically? Will firewall synchronize localy config changes with Panorama?

For example. If I add new static route on the firewall (firewall is managed with Panorama), will that route will be synchronized with Panorama?

 

Thank you and best regards,

Maja

Highlighted
L4 Transporter

Why are you making changes on the firewall directly if you have Panorama (templates/stacks)?  I don't think this kind of "reverse" sync is possible.

Highlighted
Cyber Elite

Hi @mkopcic 

 

This is only a one-way sync from panorama to the firewall. So no adding a route locally on the firewall will not show up in the panorama config.

Highlighted
L4 Transporter

Personally, if I'm using Panorama I never modify the firewalls directly (unless it's an emergency).  Below is a little script I use on a fresh factory default firewall (jumbo frames optional).  Everything after this point is done via Panorama.

 

configure
delete rulebase security rules rule1
delete zone trust
delete zone untrust
delete network virtual-wire default-vwire
delete network interface ethernet ethernet1/1
delete network interface ethernet ethernet1/2
delete network virtual-router default
set deviceconfig system ip-address <ip-address> netmask <netmask> default-gateway <gateway-ip>
set deviceconfig system panorama-server <panorama-ip>
commit
exit


set system setting jumbo-frame on
y

 

request restart system
y

Highlighted
Cyber Elite


@jeremy.larsen wrote:

configure
delete rulebase security rules rule1
delete zone trust
delete zone untrust
delete network virtual-wire default-vwire
delete network interface ethernet ethernet1/1
delete network interface ethernet ethernet1/2
delete network virtual-router default


Since I started working with PaloAlto Firewalls this has been the first thing to do after unboxing ;)

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!