Is there a best practice, for changing the management IP on a FIPS enabled Panorama M-100?
I have a FIPs enabled Panorama M-100. It is configured with a management interface for administrative functions on one network. It is configured with another interface on a different network to communicate with managed firewalls (Layer 2 Adjacent). I need to change the management IP. Normally, I would do this through the console on other networking devices. However, it appears that for FIPS, Palo Alto disables the console. I attempted to SSH to the non management interface with no luck. I assume this is by design. My concern is changing the IP on a production asset and making an error during change and losing connectivity.
Let's take a look at a FW under Panorama control
in the 9.1.x software, there was a feature to enable automated commit recovery, to rollback a config if it disconnects from the Panorama, so your concern is valid, and PANW has a way to resolve the situation.
Thanks for the response. Unfortunately, our devices are running version 8.1. Also, my concern is not losing connections between FW and Panorama, as that is not the interface IP I need to change. I need to change the IP on the management interface for Panorama. We have a second interface that serves as the connection between Panorma and the managed firewalls.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!