Panorama sharing Zones between Templates?

Reply
Highlighted
L4 Transporter

Panorama sharing Zones between Templates?

I'm pretty sure this is a feature request, but I'm throwing it out there in case anyone has info.

 

I would like to share zones between templates for my template stacking scheme.  Currently stacks look something like this - 

 

FIREWALL STACK

------------------------------

  1. Local_FW
  2. Local_FW_HA
  3. Location
  4. City
  5. Global

------------------------------

 

What I want to do is set my zones up in the Global template and have them accessible in my more localized templates.  This way I can create these zones only once, and use everywhere.  Currently I don't think this is possible.

Highlighted
L4 Transporter

@jeremy.larsen 

I think what you describe is actually working now. If you configure zone a temlate applied to all your devices,then it will be pushed to all your firewalls.

The zone may not show the first time you use it in secuirty policy, but as long you copy and paste the exact name, it will show for future changes.

Then the config pushed to firewalls will be valid, even though zone has been 

Highlighted
L4 Transporter

Here is the problem.  If I create a zone in GLOBAL and then want to apply it to an interface in a LOCAL template, it is not available in the drop down.  Typing it in manually does not work either.  If you have ANY suggestions I am game.

Highlighted
L4 Transporter

@jeremy.larsen Sorry, misread what you are trying to do. 

Ineed this can be a feature request. The problem is that, even though it looks the oposite in GUI, in the actuall XML file you are adding interfaces to a zone, rather than applying zone to an interface.

So there will not be a way to "share" the zone, unless you have identical interfaces on each firewall. 

Highlighted
L4 Transporter

You must have deleted your post.  I was replying to it.

 

Yes I get that (intefaces applied to zone, bad wording on my part).  I want to apply an interface to a zone in a different template basically.  So you agree, feature request.

 

I just don't like having to create the same zone multiple times for every firewall.  This allows for human error and broken consistency.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!