This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Change all IP address for firewall HA pair managed in Panorama

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Change all IP address for firewall HA pair managed in Panorama

khsieh
L2 Linker

‎06-11-2021 04:24 PM

I have a HA firewall pair managed by Panorama. I would like to change all of the IP addresses of the interfaces. It's a lot to try to do through the GUI. My thinking is export the template as XML, make the necessary changes, and then import again.

 

The firewall HA pair is a test harness. The existing configuration is from my production firewalls. I need to change all of the IPs so I can connect it alongside my production firewalls without causing IP or routing conflicts.

 

I haven't figured out how to export the configuration. Most times I don't get any interface information. I was able to get an export from Panorama, but the IPv4 addresses are missing.

0 Likes Likes
3 REPLIES 3

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎06-12-2021 01:33 PM

Hi @khsieh ,

My suggestion would be simpler:

- Prepare your configuration with text editor (ex. notepad++) in set format

- Login with SSH to your Panorama that is managing the targeted FW.

- Just copy/paste the set commands through the SSH session.

- Review your changes via the GUI, if everything looks ok, commit and push

 

Configuring network interface ip over CLI is pretty much exactly the same as if you do it directly on the FW. The only difference is that on Panorama the set command needs to refrence the template assigned to that FW.

 

Full command would be:
# set template <template-name> config network interface ethernet ethernet1/1 layer3 ip 1.1.1.1/29

 

Optional you can move

# edit template <template-name> config      // this will place you in templace configuration so your every set command doesn't need to referecen it and you can simply
# set network interface ethernet ethernet1/1 layer3 ip 1.1.1.1/29 //repeat this for every interface you need to change

0 Likes Likes

khsieh
L2 Linker

‎06-12-2021 03:12 PM

Thanks!

I will need to export all of the interfaces first. Maybe I can do that via CLI to show all interfaces and their IP. Then load that to Excel to clean up the formatting. Then do some search and replace of the addresses, and build out the commands.

I will reply back with how it goes.

 

0 Likes Likes

khsieh
L2 Linker

‎06-14-2021 12:13 PM

I also will need to change all of the BGP configuration to match the new IP addresses. I have maybe 60 BGP connections to change. Suggestions?

0 Likes Likes
  • 4100 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks