12-09-2019 11:12 AM
Does Panorama support managing shared-gateways? I found one unanswered post on it, but I haven't found a conclusive statement on it in the official documentation.
I recently tried to import a firewall into Panorama, but sg1 didn't seem to import with the rest of the vsys(s).
03-10-2020 11:19 AM
So - Panorama does NOT fully support Shared-Gateways. You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.
There is a feature request already --- FR ID:4412
Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations. These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work. And yes, they were imported into shared.
Also .... The shared-gateway NAT policy gets imported into the Panorama XML config. It can even be found by Global Search. Clicking on the names does nothing since there is no user interface to manage them.
12-12-2019 06:06 AM
Panorama does support shared gateways. maybe there's an issue with importing SG's that TAC could take a look at and possibly fix
02-13-2020 01:07 AM
Hello Brian,
Did you get any update from TAC, I appreciate your response.
Regards
Venky
02-13-2020 09:27 AM
I don't have enough information to share with TAC yet. I will attempt to import the same firewall with shared-gateway again soon and collect a show tech and screenshots if it fails again (I did not do this before).
My current assumption is that I just missed something in the import process during the last attempt.
03-10-2020 11:19 AM
So - Panorama does NOT fully support Shared-Gateways. You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.
There is a feature request already --- FR ID:4412
Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations. These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work. And yes, they were imported into shared.
Also .... The shared-gateway NAT policy gets imported into the Panorama XML config. It can even be found by Global Search. Clicking on the names does nothing since there is no user interface to manage them.
07-14-2020 01:13 AM
Has there been any progress with this issue? I'd like to include some NAT rules in a shared policy. But i cannot as each rule uses gateway specific IP addressing. And 'variables' cant be used in such rules.
07-19-2021 02:57 PM
Hello Brian
Can you please answer my question, https://live.paloaltonetworks.com/t5/general-topics/paloalto-shared-gateway-managed-by-panorama/td-p...
06-30-2022 01:02 PM
Hi Brian, did you ever make progress with this?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
