04-30-2025 08:09 PM
Hi All,
I'm still newbie on PA configuration and I need your suggestion or help. We are replacing the defective PA 850 with new one and these are the steps that i'm thinking
1. On Panorama Remove the defective GBY PA-PRI850 on PANORAMA on template and device
2. On Panorama under the device remove the Serial number of deflective GBY PA-PRI 850 on PANORAMA
Then commit on Panorama
3.On new PA OKI PRI 850 Setup MGMT IP of the new OKI FW replacement on YOK to x.x.x.x and setup the GW to .1 via CLI
4. On new PA OKI PRI 850 Setup the DNS to x.x.x.x
5. On new PA OKI PRI 850 set deviceconfig system update-server updates.paloaltonetworks.com then ping to ping host paloaltonetworks.com
6. will setup the HA IP either via CLI or via GIU of x.x.x.x
After setting up the MGMT ip on new OKI PA 850 via CLI, I will add it under devices and under templates then push it on Panorama.
Now once the configs are push on new PA OKI 850 I will try to check the licenses or update it. I will also register the NEW PA 850 OKI serial number on paloaltonetworks.com
Then after that I will check the PAN OS if its need a downgrade/upgrade, I will match it to current PAN OS of OKI PA SEC sw-version: 10.1.14-h10
Then after that will leave for 24hrs then the next day is BCP testing then the next days will be working with Masergy turning up SDWAN.
Now our SNR Engr said to me that there is missing steps and he said this.
first you need to export the variable list BEFORE you delete the firewall. Once you setup the new firewall with MGMT, DNS, and point to panorama then you can add to Panorama then add to the device group and template group. Once you have it added there you will need to export the new variable list. It will be blank for the new firewall, copy the old values to it and re import. Then you can push the device group and template.
Now my question is once you remove the device and add the new one and push it on panorama will it automatically copy the variables?
I mean the variable list will not change so why I need to export and import ?
Thank you for your all answers.
04-30-2025 08:12 PM
Hi @weezy ,
Please follow the below kb to replace the device. Follow the step by step instruction and you will be able replace the device.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clkn
04-30-2025 08:15 PM
I read this document too but it doesn't say about the variables. That's the only step that i'm missing.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
