Panorama to VM Firewall


L4 Transporter

Hi Team,

Is it mandatory to configure the Management Interface on the firewall if we plan to manage the firewalls via Panorama?

I am trying to set up a connection from the firewall to manage it over Panorama, but I am unable to get the connection.

Even TAC was saying it is necessary to have the Mgmt interface if we manage it over Panorama. But in Service Policy I can see an option for Panorama to change the interface to something other than the default. So it should work, is what I think. Please suggest.

Regards

Sanjay S

7 REPLIES

Cyber Elite

Hello @Sanjay_Ramaiah

 

I had a few firewalls where circumstances forced me to use a data plane interface instead of the management interface to register the firewall to Panorama, so I can confirm from my own experience that it is possible. I do not recall doing anything special other than making a change in the service route to use the data plane interface. Can you see any clue in any traffic logs?

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Cyber Elite

Hi @PavelK ,

 

That's good to know.  Thank you!  Since the management traffic is always initiated by the NGFW, do we even need an Interface Management Profile?

 

Thanks again,

 

Tom


Cyber Elite

Hi @TomYoung

 

To be honest, I never tried this without a management profile being attached to an interface; however, I think you are right. If the firewall is completely managed by Panorama, it should work without it.

 

Kind Regards

Pavel


L4 Transporter

Thanks All, I am still working on this.

The issue is still not resolved, but TAC says that it is a must to have the Mgmt interface configured. But I don't find any document that says that it is a must to configure the Mgmt interface. Will keep this chain updated.

Regards,

Sanjay S

Cyber Elite

Hi @Sanjay_Ramaiah ,

 

Did you change ALL the service routes to the data plane interface?

 

Thanks,

 

Tom


Hi Tom,

No, not all the service routes, but only DNS, RADIUS and now Panorama. Whichever are required, only those I changed.

Will that cause an issue at all?

Regards,

Sanjay S

Cyber Elite

Hi @Sanjay_Ramaiah ,

 

Since you do not plan to use the management interface, I will configure all the service routes the same.  The service routes you listed should be all you need, but it is not working.  Let's see if this makes a difference.

 

Thanks,

 

Tom
