03-01-2011 05:19 AM
Hi all,
I might have a little understanding problem here. Is the commit process from within Panorama a two step process ?
1.) In Panorama Policies tab, go to Security Policy.Choose correct device group, modify security policy as required and click on commit when done.
This does not install the committed Policy to the Firewall yet.
2.) In Panorama select Panorama tab and choose context Panorama. Go to "Managed Devices" and click on "Commit all" for the apropriate Firewall.
This installs the changed security policy to the Firewall.
Is this meant to be like that ?
rgds Roland
03-01-2011 08:36 AM
Hi Roland,
You don't necessarily have to hit the commit button at the upper-right in Panorama when making policy changes. That commits to the local Panorama server and does not push the items to the firewalls. This is used more for Panorama-specific configuration changes.
To push the candidate config in Panorama to the firewalls you go to Managed Devices and commit all either on the specific firewall or device group. There is a drop-down at the bottom to allow you to switch between individual firewall view or device group view.
Cheers,
Kelly
03-01-2011 12:38 PM
Hi Kelly,
ok I understand but I think most of our Check Point minded customers will not like that. The commit button in the upper right implies to apply whatever has been changed in the central management to the local firewall modules, be it in a security policy or a NAT rule etc. Currently I would not call that procedure straight forward and easy...
Also this concept is not consistent it depends on the context you are in Panorama. if you are in the device context then the upper right commit button will do the job.
Personally from my experience I must say in an enterprise environment with more than just two firewalls, an easy to use and at the same time powerful central firewall management is an absolute MUST..
I see progress in Panorama but it's still a long way to go when I compare it to SmartCenter R75.
Something else which is really annoying is the slowness of the web based management. Is it just me or is anyone else complaining about that ? I am using a PA-2020 and Panorama in our Lab and again if I compare it to Check Point it's like night and day... There must be really some improvement from PA. Lately I was showing the Mgmnt. GUI of a PA firewall to a customer, the first question was, is this going to be faster in the next release ?
rgds Roland
03-02-2011 05:44 AM
Slow WebUI can often be:
DNS settings - unable to resolve, then better to have no DNS server for WebUI Speed
Ethernet Speed and Duplex
Browser plugins - thinkgs like java script checker in FF
Thanks
James
03-02-2011 05:47 AM
I am aware of this, but I can assure you all this basic networking stuff is working fine on our side. rgds Roland
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
