Configure PAN OS locally when panorama is down

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configure PAN OS locally when panorama is down

L1 Bithead

Hello team,

 

I want to ask if when the panorama VM is down , and we need to configure firewalls locally, in this case , when we turn on the panorama , how would be the behaviour :

1- Panorama will detect that configuration is not sync and will inherit from FW?

2- or , the changes will not apear in panorama , and how to add these changes to panorama ?

 

Thank you 😊

 

1 REPLY 1

Cyber Elite
Cyber Elite

Hello @Bouthaina

 

thanks for post!

 

- The changes you make locally in Firewall will not be reflected in Panorama. Local configuration is bound only to Firewall.

- Local changes are not sync back to Panorama's Device Group / Template. You will either have to make the identical changes in Panorama and push it back to Firewall. This step has however following limitations: Template configuration will not override local configuration until you override it locally. Details are in this KB: Pushed config from Panorama not being applied on the local Firewall. Identical configuration in Device Group for example object names will result error while pushing back to Firewall as the same object name already exists locally. You will have to resolve this issue first.

The alternative to this would be to import local configuration to Panorama: How to add a locally managed firewall to panorama management.

 

Kind Regards

Pavel   

Help the community: Like helpful comments and mark solutions.
  • 135 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!