Failure to Commit changes in Panorama after removing a firewall as managed device

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Failure to Commit changes in Panorama after removing a firewall as managed device

L2 Linker

I removed a firewall that is managed through Panorama by going to Panorama > Managed Devices > Summary, selecting my firewall then selecting delete. This removed the firewall for me succesfully. However, when I go to make a Commit in Panorama it throws an error saying 

popeja_0-1640092986664.png

When I search for that serial number in Panorama it sure enough comes up on a couple of my QoS policies as a target device. I can even see the serial number listed as a target device on the summary of the policy. However, when I open the Policy and go to the Targets tab, it's not listed anywhere to remove it.

 

Has anyone ran into this problem before and have a solution or any ideas I can try?

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions

I was able to get around this issue by adding that serial number back as a managed device. Next I re-added it to the device group. Then removing this serial number from the dynamic updates schedule like Pavel said and I was also able to see this in the QoS policies again to remove there. 

My commit finally completed successfully.

View solution in original post

3 REPLIES 3

Cyber Elite
Cyber Elite

Thank you for the post @popeja

 

Could you make sure that managed Firewall was removed from below configurations:

 

- Panorama > Device Groups > Then navigate to Device Group: Branch_Single-Homed, then deselect Firewall from Device Group.

 

In addition, to properly remove managed Firewall from Panorama, I would recommend remove it from below sections:

 

- Panorama > Templates > Then navigate to Template Stack where Firewall is located, then deselect Firewall from Template Stack.

 

Panorama > Collector Group > [Collector Group Name] > Device Log Forwarding > Log Forwarding Preferences > Modify > Then deselect Firewall. This option is relevant if you collect logs from managed Firewall.

 

- Panorama > Device Deployment > Dynamic Updates > Schedules > [Scheduler Name] > Then deselect Firewall. This option is relevant if you install updates from Panorama to managed Firewall.

 

After you complete all these steps, there should be nothing left preventing you to commit it.

 

Kind Regards

Pavel

Help the community: Like helpful comments and mark solutions.

Thanks the for the reply PavelK. I should have mentioned that I've remove the firewall from all these already. No luck.

I was able to get around this issue by adding that serial number back as a managed device. Next I re-added it to the device group. Then removing this serial number from the dynamic updates schedule like Pavel said and I was also able to see this in the QoS policies again to remove there. 

My commit finally completed successfully.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!