Question on removing Panorama template from firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Question on removing Panorama template from firewall

L0 Member

Hi All,

 

We have an active firewall with Panorama policies still applied in a read only state- unfortunately the panorama server no longer exists with the local firewall having no connection back to a server

We wish to remove the panorama settings on firewall but still keep Panorama policies in the local configuration. 

 

From the KB article it states when removing panorama settings you can 'Import device and network template before disabling' to keep the policies local

KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClffCAC

 

My question is does this require an active connection to a Panorama server? or does it simply import the existing read only policies into it's own local polciies

 

Would love to hear from anyone who's had experience with removing panorama policies on firewalls with the Panorama server not active. 

 

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @HGreen 

For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.

View solution in original post

3 REPLIES 3

L7 Applicator

Hi @HGreen 

For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.

L7 Applicator

yes exactly as per @Remo , i have done it many times especially when I was upgrading paranormal from 7x to 8.1x as messed it up big time.

 

The only point i will add and it may be purely because I had such a bad time, but...

 

after removing firewall from a crashed panorama server, I then joined the device to a new panorama and all of the objects became shared, so all devices on panorama, not just the ones in the same group, inherited it's shared objects. so.. I had to re import to panorama again but remove the option to "import devices shared objects into panoramas shared context".

 

this may be of no use to you.... 

 

 

 

 

thanks for confirmation! removal went like a breeze 

  • 1 accepted solution
  • 5396 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!