cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Panorama Commits--what actually happens when I commit to a device-group?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
mgentile
L2 Linker
‎09-22-2013 06:04 PM
‎09-22-2013 06:04 PM

Panorama Commits--what actually happens when I commit to a device-group?

What happens when I push a policy from Panorama to a device-group firewall?  Does Panorama always push the entire configuration file, or does it first perform a 'diff,' and only push the changes?  If it performs a diff, what is the underlying mechanism it uses to track the changes?  Is it some sort of table of rule hashes, etc?  It seems pretty silly to push an entire config if only a single line changes.

Labels:
Tags (1)
0 Likes
Reply

Accepted Solutions
Highlighted
mschuricht
L4 Transporter
‎09-23-2013 09:44 AM
‎09-23-2013 09:44 AM

The entire config is pushed during the commit and not just the changes.

View solution in original post

0 Likes
Reply

All Replies
Highlighted
HULK
L7 Applicator
‎09-22-2013 07:11 PM
‎09-22-2013 07:11 PM

Hi Mgentile,

As per my understanding, upon commit the PAN-OS will always verify the difference between running config and the candidate config and then push only the difference or changes to the firewall.

Hope this helps.

Thanks

0 Likes
Reply
Highlighted
pulukas
L7 Applicator
‎09-23-2013 05:04 AM
‎09-23-2013 05:04 AM

See the full description of the commit process and all the options in the Panorama Admin guide page 79

Panorama Administrator's Guide 5.1

Commit Changes on Panorama

When you edit the configuration on Panorama, you are making changes to the candidate configuration file. The

candidate configuration is a copy of the running configuration along with the modifications that you have saved

using the Save option. The Panorama web interface displays all the configuration changes immediately, however

the changes are not implemented until you commit the changes. The commit process validates the changes in

the candidate configuration file and saves it as the running configuration on Panorama.

PanoramaCommits.PNG.png

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
0 Likes
Reply
Highlighted
mschuricht
L4 Transporter
‎09-23-2013 09:44 AM
‎09-23-2013 09:44 AM

The entire config is pushed during the commit and not just the changes.

View solution in original post

0 Likes
Reply
Highlighted
jwolach
L4 Transporter
‎07-06-2015 10:27 AM
‎07-06-2015 10:27 AM

Is a FULL commit performed on the actual firewall(s) or a PARTIAL commit?

0 Likes
Reply
Highlighted
jdelio
Community Team Member
‎07-13-2015 09:40 AM
‎07-13-2015 09:40 AM

Jwolach,

When a commit from Panorama to a device group, It is a Full commit. But you do have some options at the bottom of the screen that you can choose:

Include Device and Network Templates—

This option is available when committing a Device Group from Panorama and is a combo operation that will include both the device and network template changes. The template that will be applied to the device is the template that the device belongs to as defined in Panorama > Templates. You can also select Commit Type Template to commit templates to devices.

2015-07-13 11_25_22-HOUDC-PA-MON.png

Stay Secure,
Joe
End of line
0 Likes
Reply
Highlighted
jwolach
L4 Transporter
‎07-13-2015 09:50 AM
‎07-13-2015 09:50 AM

Hello Jdelio,

I'm familiar with the Include Device and NetworkTemplates checkbox when performing a Device Group commit.  What I wanted to know, is what type of commit actually takes place on the managed firewall(s) when just a Device Group or Device and Network Templates commit is performed.  Is it a Granular Commit or a Full Commit?

Thanks,

Jeff

0 Likes
Reply
Highlighted
jdelio
Community Team Member
‎07-13-2015 11:31 AM
‎07-13-2015 11:31 AM

It is a Full commit.

Stay Secure,
Joe
End of line
0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks