This might be a really weird question and I expect people to ask why I want to do this. If that is going to be your response, then please don't respond. I have a couple PA-220s at a remote location. I want to send logs from the PA-220s to Panrorama. I don't want to push configurations from Panorama to the devices (well maybe templates are okay, but definately not Objects or Policie). I figure that I could possibly configure the Panorama IPs on the firewalls. Then maybe manage the firewall from Panorama. Then possbily add the firewall to get a template, but not assign an object group. I don't want the shared objects to populate to the PA-220. Will this config work?
I simply "told" the remote firewall the name of panorama and enabled logging to panorama. This was sufficient (if I remember it correct) to have the logs on panorama.
We manage the licenses with panorama, but don't know if this is required.
As long as you do not bind the serial number with a template / device group (on panorama), you will not interfere with the local config.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!