An object or Policy created in Palo-Alto needs to appear in Panorama.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

An object or Policy created in Palo-Alto needs to appear in Panorama.

L2 Linker

Dear Team ,

 

The customer requested that in addition to being able to create an object or policy in Panorama and push it to the Palo Alto Firewall, he should also be able to create an object on the firewall itself, which is managed by Palo Alto Firewall, and that it should be replicated in Panorama.

Is there an option need to be enabled to create an object or policy in PA that will be shared in Panorama? It is requested that when you create object in PA, it should synchronize with Panorama and vice versa.

 

Thank you, team, 

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite

Hello @mohammedsalhis

 

thank you for reply.

 

Unfortunately, I can't think of any practical way to accomplish it. If your client is worried about availability of Panorama, the only thing I can recommend is to build an HA pair to achieve high availability in the case one unit is down.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

Hello @mohammedsalhis

 

thanks for post.

 

There is no native/built-in way to synchronize an object or policy from a Firewall to Panorama. Even if you over come this with scripting to automate an object creation in Firewall and in Panorama's Device Group at the same time, it is going to have following side effect. After an object is created in Panorama, the Device Group will become out of sync. To resolve the configuration out of sync issue, you will have to push that configuration to Firewall, however you will get an error while pushing configuration as an identical object already exists in Firewall locally.

To me the requirement from your customer is not practical. Would you be able to give more context what your customer would like to accomplish?

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.

L2 Linker

Dear Pavel,

 

Thank you for your message.

 

The client is worried about creating objects and policies with any problems when the panorama is unavailable or down, as it will automatically sync after the commit option in PA.

 

Could please check the attached file? can this option solve the isssue ?

 

 

 

 

Cyber Elite
Cyber Elite

Hello @mohammedsalhis

 

thank you for reply.

 

Unfortunately, I can't think of any practical way to accomplish it. If your client is worried about availability of Panorama, the only thing I can recommend is to build an HA pair to achieve high availability in the case one unit is down.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.
  • 1 accepted solution
  • 1275 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!