12-21-2021 05:24 AM
I removed a firewall that is managed through Panorama by going to Panorama > Managed Devices > Summary, selecting my firewall then selecting delete. This removed the firewall for me succesfully. However, when I go to make a Commit in Panorama it throws an error saying
When I search for that serial number in Panorama it sure enough comes up on a couple of my QoS policies as a target device. I can even see the serial number listed as a target device on the summary of the policy. However, when I open the Policy and go to the Targets tab, it's not listed anywhere to remove it.
Has anyone ran into this problem before and have a solution or any ideas I can try?
Thanks!
12-22-2021 08:08 AM
I was able to get around this issue by adding that serial number back as a managed device. Next I re-added it to the device group. Then removing this serial number from the dynamic updates schedule like Pavel said and I was also able to see this in the QoS policies again to remove there.
My commit finally completed successfully.
12-21-2021 02:14 PM
Thank you for the post @popeja
Could you make sure that managed Firewall was removed from below configurations:
- Panorama > Device Groups > Then navigate to Device Group: Branch_Single-Homed, then deselect Firewall from Device Group.
In addition, to properly remove managed Firewall from Panorama, I would recommend remove it from below sections:
- Panorama > Templates > Then navigate to Template Stack where Firewall is located, then deselect Firewall from Template Stack.
- Panorama > Collector Group > [Collector Group Name] > Device Log Forwarding > Log Forwarding Preferences > Modify > Then deselect Firewall. This option is relevant if you collect logs from managed Firewall.
- Panorama > Device Deployment > Dynamic Updates > Schedules > [Scheduler Name] > Then deselect Firewall. This option is relevant if you install updates from Panorama to managed Firewall.
After you complete all these steps, there should be nothing left preventing you to commit it.
Kind Regards
Pavel
12-22-2021 05:21 AM
Thanks the for the reply PavelK. I should have mentioned that I've remove the firewall from all these already. No luck.
12-22-2021 08:08 AM
I was able to get around this issue by adding that serial number back as a managed device. Next I re-added it to the device group. Then removing this serial number from the dynamic updates schedule like Pavel said and I was also able to see this in the QoS policies again to remove there.
My commit finally completed successfully.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
