Question on removing Panorama template from firewall

Announcements
Attention: The LIVEcommunity is experiencing an interruption with videos in some areas. We apologize for any inconvenience this may cause. Thank you for your patience as we work towards a solution to restore videos.
Reply
Highlighted
L0 Member

Question on removing Panorama template from firewall

Hi All,

 

We have an active firewall with Panorama policies still applied in a read only state- unfortunately the panorama server no longer exists with the local firewall having no connection back to a server

We wish to remove the panorama settings on firewall but still keep Panorama policies in the local configuration. 

 

From the KB article it states when removing panorama settings you can 'Import device and network template before disabling' to keep the policies local

KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClffCAC

 

My question is does this require an active connection to a Panorama server? or does it simply import the existing read only policies into it's own local polciies

 

Would love to hear from anyone who's had experience with removing panorama policies on firewalls with the Panorama server not active. 

 


Accepted Solutions
Highlighted
L7 Applicator

Re: Question on removing Panorama template from firewall

Hi @HGreen 

For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.

View solution in original post


All Replies
Highlighted
L7 Applicator

Re: Question on removing Panorama template from firewall

Hi @HGreen 

For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.

View solution in original post

Highlighted
L7 Applicator

Re: Question on removing Panorama template from firewall

yes exactly as per @vsys_remo , i have done it many times especially when I was upgrading paranormal from 7x to 8.1x as messed it up big time.

 

The only point i will add and it may be purely because I had such a bad time, but...

 

after removing firewall from a crashed panorama server, I then joined the device to a new panorama and all of the objects became shared, so all devices on panorama, not just the ones in the same group, inherited it's shared objects. so.. I had to re import to panorama again but remove the option to "import devices shared objects into panoramas shared context".

 

this may be of no use to you.... 

 

 

 

 

Highlighted
L0 Member

Re: Question on removing Panorama template from firewall

thanks for confirmation! removal went like a breeze 

Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!