Template query

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Template query

L2 Linker

Hi All,

 

I have integrated 2 palo alto in HA and accordinly template has been created like such

1). PA_FW_1

2). PA_FW_2

3). PA_FW_1_Stack

 

Now client told me to delete PA_FW_1 and PA_FW_2 and keep PA_FW_1_Stack which contains both devices. Can anyone let me know the consequences if i delete both the template 

5 REPLIES 5

Cyber Elite
Cyber Elite

Hello @vishalrsshah

 

thanks for post!

 

Based on what you described you are removing 2 Templates from Template Stack leaving Template Stack empty. Template Stack is a unit that holds Template configuration and assigns it to Firewalls. After you remove both Templates and commit / push that configuration to Firewalls you will be removing Panorama pushed configuration. This will be effectively rollback to local configuration.

 

Do you have more context what client intends to do?

 

Kind Regards

Pavel 

Help the community: Like helpful comments and mark solutions.

Hi,

Pls find attached snapshot where i have integrated two firewalls and template has been created by panorama. What i wants to know can i delete PA-FW01, PA-FW02, PAFW03, PAFW04 and keep only PA-FW01_02_STACK and PA-FW03_04_STACK and global settings.

vishalrsshah_0-1732513383218.png

 

 

Cyber Elite
Cyber Elite

Hello @vishalrsshah

 

thank you for reply.

 

Since I do not know what configuration is included in each of the Template, I am not able to answer whether you can remove them and what the impact would be.

 

If the configuration in Global Settings Template is the same/overlapping with PA-FW01, PA-FW02, PAFW03, PAFW04, then it is safe to remove them as Template at the top of the Stack has the highest priority in the presence of overlapping config. In this case there will be no impact.

 

If the configuration in PA-FW01, PA-FW02, PAFW03, PAFW04 has different / non-overlapping configuration, then deleting these Templates and committing it to Firewalls will have an impact to remove configuration.

 

To remove the Templates, you should first remove it from Template stack, then you can delete Template itself.

 

Kind Regards

Pavel

 

 

 

 

Help the community: Like helpful comments and mark solutions.

L2 Linker

Hi ,

 

I have deleted PA_FW_2 template and push the configuration alongwith with some other changes also. Now my both firewall have the same hostname. What can I do so my passive firewall will have its own hostname i.e PA_FW_2

Cyber Elite
Cyber Elite

Hello @vishalrsshah

 

thank you for reply.

 

This is something that can be done with Template variables. The Hostname in Template Variable has been added in PAN-OS 11.1. Below are references:

new-template-variables

configure-template-or-template-stack-variables

 

If you are not running Panorama on PAN-OS 11.1, then the only option left is to configure hostnames locally or use different Template Stacks for each Firewall.

 

Kind Regards

Pavel  

 

Help the community: Like helpful comments and mark solutions.
  • 212 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!