basically same question as subject.
I'd like to change all my +20 palo alto firewalls hostname and don't get if possible from Panorama or not.
When i go to Panorama-device-my device there is no Hostname and no domain,but they are present on firewall GUI,so not clear for me if changes need to be performed on FW and pushed to Panorama or viceversa.
And,in any case,is there some issue i have to consider before performing the change a part of connecting to firewall trough the hostname?(e.g.IPSec gws,tunnels,etc...)
Thanks in advance,
thanks for the post in LIVEcommunity!
To change hostname and domain name of Panorama managed Firewall, you will have to do it through Template. Navigate to Templates > Device > [Select Template] > Setup > Management > General Settings > [Click on "Gear Icon"]. After you make a change, commit it and push it to managed Firewall.
If the values of Hostname and Domain are already configured locally on the Firewall, by pushing these configurations via Template will result local configuration to take a precedence. You will still have to connect locally and to override Template values.
Regarding your second question, there is no risk with changing hostname of the Firewall. I would only recommend changing DNS record mapped to management interface of the Firewall to correspond with name of the Firewall. Changing of DNS name will also break SAN name in the certificate used for management interface if you are using your own certificate.
The IPSec you mentioned is not affected by this. IPsec is built over data plane interface IP address.
Hi Pavel, thanks for your reply.
Firewalls hostnames I need to change are already configured locally, if I get it correctly, can the hostname change be performed directly locally on device? Or do I need to follow mandatory the process you explained(change on Panorama, pushing via template, override locally)?
Thanks in advance,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!