- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
08-13-2024 02:27 AM
Dear Team ,
The customer requested that in addition to being able to create an object or policy in Panorama and push it to the Palo Alto Firewall, he should also be able to create an object on the firewall itself, which is managed by Palo Alto Firewall, and that it should be replicated in Panorama.
Is there an option need to be enabled to create an object or policy in PA that will be shared in Panorama? It is requested that when you create object in PA, it should synchronize with Panorama and vice versa.
Thank you, team,
08-18-2024 03:25 PM
Hello @mohammedsalhis
thank you for reply.
Unfortunately, I can't think of any practical way to accomplish it. If your client is worried about availability of Panorama, the only thing I can recommend is to build an HA pair to achieve high availability in the case one unit is down.
Kind Regards
Pavel
08-13-2024 04:15 AM
Hello @mohammedsalhis
thanks for post.
There is no native/built-in way to synchronize an object or policy from a Firewall to Panorama. Even if you over come this with scripting to automate an object creation in Firewall and in Panorama's Device Group at the same time, it is going to have following side effect. After an object is created in Panorama, the Device Group will become out of sync. To resolve the configuration out of sync issue, you will have to push that configuration to Firewall, however you will get an error while pushing configuration as an identical object already exists in Firewall locally.
To me the requirement from your customer is not practical. Would you be able to give more context what your customer would like to accomplish?
Kind Regards
Pavel
08-14-2024 01:45 AM
Dear Pavel,
Thank you for your message.
The client is worried about creating objects and policies with any problems when the panorama is unavailable or down, as it will automatically sync after the commit option in PA.
Could please check the attached file? can this option solve the isssue ?
08-18-2024 03:25 PM
Hello @mohammedsalhis
thank you for reply.
Unfortunately, I can't think of any practical way to accomplish it. If your client is worried about availability of Panorama, the only thing I can recommend is to build an HA pair to achieve high availability in the case one unit is down.
Kind Regards
Pavel
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!