09-11-2024 12:14 PM
Hello,
Bootstrap is working on palo alto VMs installed in AWS. The FWs are pointing towards Panorama for everything (config, packages,etc) and do not have internet access. The issue we are running into is that our policy in Panorama for these Firewalls require them to be at a certain level for content and anti virus to be able to allowed to download device group profile and templates. We are using user data method for bootstraping the firewalls.
Since content and anti virus version currently installed on these FWs is below what the policy requires them to be at for them to me managed by panorama. I am thinking the easiest way would be to clone the exiting pollicy in panorama and remove the content and anti virus requirement so that the FWs can be managed by panorama temporarily. Download the content and anti virus to the panorama and Then push the correct version of content and anti virus to the FWs and once they have the right version of contant and anti virus. Change the bootstrap to point to the correct device groups and templates that reference to the policy that requires the FM to be at a specific version.
Any ideas? I do not want to use the S3 bucket method and we can not really remove the requirement of the FWs to be not having the latest content and anti virus to be managed by panorama.
Please assist.
Thanks,Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
