02-19-2020 07:15 PM
Hi All,
We have an active firewall with Panorama policies still applied in a read only state- unfortunately the panorama server no longer exists with the local firewall having no connection back to a server
We wish to remove the panorama settings on firewall but still keep Panorama policies in the local configuration.
From the KB article it states when removing panorama settings you can 'Import device and network template before disabling' to keep the policies local
KB: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClffCAC
My question is does this require an active connection to a Panorama server? or does it simply import the existing read only policies into it's own local polciies
Would love to hear from anyone who's had experience with removing panorama policies on firewalls with the Panorama server not active.
02-19-2020 11:15 PM
Hi @HGreen
For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.
02-19-2020 11:15 PM
Hi @HGreen
For this step you don't need a connection to a panorama server. This simply imports the panorama configuration that you already have locally into the running config (prior to the commit into the candidate config) and from then on you can edit again all of the configuration.
02-20-2020 06:43 AM
yes exactly as per @Remo , i have done it many times especially when I was upgrading paranormal from 7x to 8.1x as messed it up big time.
The only point i will add and it may be purely because I had such a bad time, but...
after removing firewall from a crashed panorama server, I then joined the device to a new panorama and all of the objects became shared, so all devices on panorama, not just the ones in the same group, inherited it's shared objects. so.. I had to re import to panorama again but remove the option to "import devices shared objects into panoramas shared context".
this may be of no use to you....
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
