Importing and Managing Shared Gateway in Panorama

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Importing and Managing Shared Gateway in Panorama

L1 Bithead

Does Panorama support managing shared-gateways?  I found one unanswered post on it, but I haven't found a conclusive statement on it in the official documentation. 

 

I recently tried to import a firewall into Panorama, but sg1 didn't seem to import with the rest of the vsys(s).

1 accepted solution

Accepted Solutions

So - Panorama does NOT fully support Shared-Gateways.  You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.

 

There is a feature request already --- FR ID:4412

 

Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations.  These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work.   And yes, they were imported into shared.

 

Also ....  The shared-gateway NAT policy gets imported into the Panorama XML config.  It can even be found by Global Search.  Clicking on the names does nothing since there is no user interface to manage them.

 

 

 

View solution in original post

9 REPLIES 9

Cyber Elite
Cyber Elite

Panorama does support shared gateways. maybe there's an issue with importing SG's that TAC could take a look at and possibly fix

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

Hello Brian,

 

Did you get any update from TAC, I appreciate your response.


Regards

Venky

Hello Brian,

Did you get any update from TAC, I appreciate your response.

Regards

Venky

I don't have enough information to share with TAC yet.  I will attempt to import the same firewall with shared-gateway again soon and collect a show tech and screenshots if it fails again (I did not do this before).

 

My current assumption is that I just missed something in the import process during the last attempt.

So - Panorama does NOT fully support Shared-Gateways.  You can import/create the shared gateway, assign it to Interfaces, but you cannot manage the NAT policy or the Forwarding policy.

 

There is a feature request already --- FR ID:4412

 

Additionally (maybe a bug), while attempting to import the policy into Panorama, I ran into an issue with named objects used as NAT translations.  These had to be changed to IP addresses on the local firewall, then re-imported before a commit to Panorama would work.   And yes, they were imported into shared.

 

Also ....  The shared-gateway NAT policy gets imported into the Panorama XML config.  It can even be found by Global Search.  Clicking on the names does nothing since there is no user interface to manage them.

 

 

 

Has there been any progress with this issue?  I'd like to include some NAT rules in a shared policy. But i cannot as each rule uses gateway specific IP addressing. And 'variables' cant be used in such rules.

Hi Brian, did you ever make progress with this?

Thanks for your question

  • 1 accepted solution
  • 8304 Views
  • 9 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!