Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
02-12-2024 03:07 AM - edited 02-12-2024 03:33 AM
Hello,
I want to know if I can import policy rules from local Firewall to Panorama, using this operation "Import device configuration to Panorama" in order to create device group and centralize all my policies rules.
I want to manage every rules on Panorama not on local firewall.
To be more precise I have many Firewall local policies to export to panorama.
And I only want to import Policies (object and service include) nothing else.
Thanks for your Help !
02-15-2024 11:04 PM
Hi @Boya ,
Yes, you can use that operation to migrate the configuration to Panorama. Here are the instructions -> https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/transition-a-firewal.... Every step in the document is very important.
Since you said that you want to manage Policies and Objects from Panorama and Network and Device configurations locally, you can do the following before step 5:
I import the rules to the post-rulebase so that future local rules will precede Panorama rules. Then I move a few rules to the pre-rulebase. The note for step 4, c is very good to determine if you want to migrate the objects to the shared or new device group.
Thanks,
Tom
02-15-2024 11:04 PM
Hi @Boya ,
Yes, you can use that operation to migrate the configuration to Panorama. Here are the instructions -> https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/manage-firewalls/transition-a-firewal.... Every step in the document is very important.
Since you said that you want to manage Policies and Objects from Panorama and Network and Device configurations locally, you can do the following before step 5:
I import the rules to the post-rulebase so that future local rules will precede Panorama rules. Then I move a few rules to the pre-rulebase. The note for step 4, c is very good to determine if you want to migrate the objects to the shared or new device group.
Thanks,
Tom
02-20-2024 05:53 AM
I have an error when i try to do "Import device configuration to Panorama ", wich is "Device belongs to a template-stack. Configuration cannot be imported.".
Is that why you said that i have to remove the template from panorama ?
Regards,
Boya
02-20-2024 06:03 AM
Hi @Boya ,
You may have tried to import it before, or some Network and Device configurations may already be managed by Panorama. You will need to examine the template to which the NGFW belongs to see what is configured. You can also look on the Network and Device configurations on the NGFW. Any item with a green (or green and yellow) gear is configured from Panorama. You can mouse over the gear to see.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PMj1CAG
Thanks,
Tom
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
