Identify Panorama Template Overrides on Firewalls

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Identify Panorama Template Overrides on Firewalls

L0 Member

I have a scenario where we have 70 firewalls, in HA pairs, managed by Panorama.

Templates are set up, and pushed to the firewalls, but *some* of the firewalls have template overrides set for various things.

I am looking for a good way to identify, whithout visually eyeballing every web gui page on every firewall, which settings on individual firewalls are overriden from the template.

 

I am able to script out both api calls and cli commands, but neither one seems to be able to provide anything I can identify an override with, with no real difference, for instance, in the cli "set" commands between an template setting and an overridden setting. Any good ideas? 

4 REPLIES 4

Cyber Elite
Cyber Elite

@VSOC_PROTECT,

This is easy enough to identifiy in the XML configuration file. If you export the configuration from all of your firewalls you should be able to parse the XML to get the proper overrides for each firewall. 

Hi @BPry 

How are local overwrites taged in the xml? I can nothing see, in the exported config, which shows the GUI that something is overwirten localy. Can you help how to identifiy this entries?

 

thx

 

L6 Presenter

@BPry  -- Other than XML "stare and compare" are there any other ways?  I'll be reaching out to my SE and get a FR.  Having this would be huge, and potentially prevent unintended changes to configs that have the potential to impact environments. 

L0 Member

Just wanted to weigh in that I'm having this issue too, is there a command-line or GUI command that can reveal overridden items locally on a firewall?

  • 6169 Views
  • 4 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!