This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

XML Config from Panorama managed device, where are the policies?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

XML Config from Panorama managed device, where are the policies?

Go to solution
Chacko42
L4 Transporter

‎01-14-2019 04:58 AM

Hi community,

 

scenario: When provisioning a standalone firewall with panorama and performing a config-sync to a non-panorama-managed passive HA peer, there are not policies etc.

After exporting the xml config from the active peer, I noticed, that the xml does not contain any policy rulesets and objects.

 

Now I wonder:
What happens if panorama is not available and a firewall reboots?

Where are the policies stored? Do they survive a reboot when no panorama config is available?

Is there a way to sync a panorama pushed-config to a passive-peer when creating a cluster?

 

As you guys know, sometimes you cannot just push the config from panorama to the secondary passive peer, because a few dependencies get messy (DG does not work, because of no zone, Template push does not work because zone-protection log-forwarding profile is in the DG config)

 

Any hints are appreciated

 

Best Regards

Chacko

Best Regards
Chacko
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
LukeBullimore
L5 Sessionator

‎01-14-2019 08:25 AM

Hey @Chacko42

 

You won't see Panorama pushed policies in the firewalls XML running configuration correct. However, you will see it in the device state (you can export it from GUI).

 

If the Panorama becomes unavailable and Panorama reboots, or if the firewall becomes disconnected from the Panorama - the policies will still remain so no worries about that.

View solution in original post

1 REPLY 1

Go to solution
LukeBullimore
L5 Sessionator

‎01-14-2019 08:25 AM

Hey @Chacko42

 

You won't see Panorama pushed policies in the firewalls XML running configuration correct. However, you will see it in the device state (you can export it from GUI).

 

If the Panorama becomes unavailable and Panorama reboots, or if the firewall becomes disconnected from the Panorama - the policies will still remain so no worries about that.

  • 1 accepted solution
  • 2060 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks