This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Unable to push tempalte to new firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Unable to push tempalte to new firewall

M.Allen
L2 Linker

‎04-24-2024 06:17 AM

I have setup a couple of new firewalls and I am unable to push the template from panorama. Also device group has not yet been pushed.

Should I deploy template or device group first?

See the errors below..

MAllen_0-1713964615519.png

 

0 Likes Likes
6 REPLIES 6

Claw4609
Cyber Elite
Cyber Elite

‎04-24-2024 10:57 AM

Hello,

 

Is "Karelia_VPN_Gateway" a defined variable for this template/template stack? If so, is it type "IP Netmask"?

0 Likes Likes

M.Allen
L2 Linker
In response to Claw4609

‎04-24-2024 12:52 PM

Seemed to not be giving that error anymore..  but now seeing the below. Do I need to remove or disable something in the new firewall?

MAllen_0-1713988337243.png

 

0 Likes Likes

R.Seyidzada
L1 Bithead

‎04-28-2024 10:54 PM - edited ‎04-28-2024 11:06 PM

Hi!

Here is my notes about HA pair FW`s adding to Panorama.
Follow these steps it will be work. 

Adding HA Fw`s to Panorama.

 

  1. Connect firewalls to the Panorama:
    Panorama:
    a. Panorama -> Managed Devices -> Summary -> Add
    Enter device S/N. Enable Associate Devices checkbox. Generate Auth Key and copy it.
    b. Commit to Panorama.
    Firewall:
    a. Device -> Setup -> Panorama Settings
    Write the IP addresses of the Panorama SRVs. Paste created before Auth Key.
    b. Commit.

 

  1. Check connected device status in Panorama:
    Panorama -> Managed Devices -> Summary (the status should be connected)

 

  1. Disable config sync in firewalls:
    Device -> HA -> General -> Setup
    Commit

 

  1. Import firewall config to Panorama:
    Panorama -> Setup -> Operations -> Import device configuration to Panorama

(The same steps for both firewalls)
Commit to Panorama

 

  1. Leave just 1 Template Stack for HA devices:
    Panorama -> Templates

  2. Remove HA config from each template:
    Device -> HA -> Template -> Remove all
    (The same steps for both firwalls)
    Commit to Panorama

  3. Export or push device config bundle:
    Panorama -> Setup -> Operations -> Export or push device config bundle
    (The same steps for both firewalls)
    Commit -> Push to device

  4. Leave just 1 Device Group for HA devices:
    Panorama -> Managed Devices -> Summary
    Commit and Push

  5. Enable config sync on firewalls:
    Device -> HA -> General -> Setup
    Commit

 

 

 

 

 

  1. Plan the transition to Panorama Mgmt
  2. Disable config sync
  3. Add HA Firewalls to Panorama
  4. Verify that the device state for each firewall is connected
  5. Import each Firewall config into Panorama
  6. Add the HA firewall pair into the same device group and template stack
  7. Push the device group and template stack configuration changes to your managed firewalls
  8. Enable config sync

 

 

-----------------------------------------------

Migrate a Firewall HA Pair to Panorama Management and Reuse Existing Configuration

 

  1. Disable configuration synchronization between the HA peers on each peer.
  2. Add HA firewalls to Panorama mgmt.:
    a. Create a device registration auth key
    Panorama -> Device Registration Auth Key and Add a new auth key
    Copy Auth key and close.
    b. Add firewalls to a Panorama mgmt. server.
    Select Panorama -> Managed Devices -> Summary and Add a new firewall.
    Enter the firewall SN
    (No Need) Select Associate Devices to associate the fw with a device group.
    Enter the device registration auth key created before.
    Click ok.
    c. (No Need) Associate firewall with a device group.
    DISABLE Auto Push on 1st connect
    Click OK to add device.
    d. Configura the fw to communicate with Panorama.
    Login to the fw.
    Configure the Panorama setings.
    Device -> Setup -> Management and edi Panorama settings.
    Enter primary and secondary Panorama addresses and Auth key.
    Click OK and commit your changes.
    e. Auth using custom cert???
    f. Commit to Panorama and commit your changes.
    g. Verify that the firewalls is connected to Panorama.
    Panorama -> Managed Devices -> Summary.
    Device state should be shown as “Connected”.
  3. Import each firewall config into Panorama.
    a. Panorama -> Setup -> Operations and click Import device configuration to Panorama and select the device.
    b. Edit template name.
    c. Commit to Panorama.
    d. Panorama -> Setup -> Operations and Export or push device config bundle. Select the device, select ok and Push & Commit the configuration.
    e. Launch the Web Interface of the firewall HA peer and ensure that the configuration pushed in the previous step committed successfully. If not, Commit the changes locally on the firewall.
    f. Repeat Step 1-6 above on the second firewall. The process creates a device group and template stack per each firewall.

 

 



Best regards!

Rashadat Seyidzada
Azerbaijan, Baku
0 Likes Likes

R.Seyidzada
L1 Bithead

‎04-28-2024 11:27 PM

Hi! I hope these steps will help you. 

Notes from my configurations.

ADDING HA FW`s to Panorama

 

  1. Connect firewalls to the Panorama:
    Panorama:
    a. Panorama -> Managed Devices -> Summary -> Add
    Enter device S/N. Enable Associate Devices checkbox. Generate Auth Key and copy it.
    b. Commit to Panorama.
    Firewall:
    a. Device -> Setup -> Panorama Settings
    Write the IP addresses of the Panorama SRVs. Paste created before Auth Key.
    b. Commit.

 

  1. Check connected device status in Panorama:
    Panorama -> Managed Devices -> Summary (the status should be connected)

 

  1. Disable config sync in firewalls:
    Device -> HA -> General -> Setup
    Commit

 

  1. Import firewall config to Panorama:
    Panorama -> Setup -> Operations -> Import device configuration to Panorama

(The same steps for both firewalls)
Commit to Panorama

 

  1. Leave just 1 Template Stack for HA devices:
    Panorama -> Templates

  2. Remove HA config from each template:
    Device -> HA -> Template -> Remove all
    (The same steps for both firwalls)
    Commit to Panorama

  3. Export or push device config bundle:
    Panorama -> Setup -> Operations -> Export or push device config bundle
    (The same steps for both firewalls)
    Commit -> Push to device

  4. Leave just 1 Device Group for HA devices:
    Panorama -> Managed Devices -> Summary
    Commit and Push

  5. Enable config sync on firewalls:
    Device -> HA -> General -> Setup
    Commit

 

 

 

 

 

  1. Plan the transition to Panorama Mgmt
  2. Disable config sync
  3. Add HA Firewalls to Panorama
  4. Verify that the device state for each firewall is connected
  5. Import each Firewall config into Panorama
  6. Add the HA firewall pair into the same device group and template stack
  7. Push the device group and template stack configuration changes to your managed firewalls
  8. Enable config sync

 

 

Migrate a Firewall HA Pair to Panorama Management and Reuse Existing Configuration

 

  1. Disable configuration synchronization between the HA peers on each peer.
  2. Add HA firewalls to Panorama mgmt.:
    a. Create a device registration auth key
    Panorama -> Device Registration Auth Key and Add a new auth key
    Copy Auth key and close.
    b. Add firewalls to a Panorama mgmt. server.
    Select Panorama -> Managed Devices -> Summary and Add a new firewall.
    Enter the firewall SN
    (No Need) Select Associate Devices to associate the fw with a device group.
    Enter the device registration auth key created before.
    Click ok.
    c. (No Need) Associate firewall with a device group.
    DISABLE Auto Push on 1st connect
    Click OK to add device.
    d. Configura the fw to communicate with Panorama.
    Login to the fw.
    Configure the Panorama setings.
    Device -> Setup -> Management and edi Panorama settings.
    Enter primary and secondary Panorama addresses and Auth key.
    Click OK and commit your changes.
    e. Auth using custom cert???
    f. Commit to Panorama and commit your changes.
    g. Verify that the firewalls is connected to Panorama.
    Panorama -> Managed Devices -> Summary.
    Device state should be shown as “Connected”.
  3. Import each firewall config into Panorama.
    a. Panorama -> Setup -> Operations and click Import device configuration to Panorama and select the device.
    b. Edit template name.
    c. Commit to Panorama.
    d. Panorama -> Setup -> Operations and Export or push device config bundle. Select the device, select ok and Push & Commit the configuration.
    e. Launch the Web Interface of the firewall HA peer and ensure that the configuration pushed in the previous step committed successfully. If not, Commit the changes locally on the firewall.
    f. Repeat Step 1-6 above on the second firewall. The process creates a device group and template stack per each firewall.

 

Best regards!

Rashadat Seyidzada
Azerbaijan, Baku
0 Likes Likes

R.Seyidzada
L1 Bithead

‎04-29-2024 12:58 AM

Hi.

Follow these steps. I hope will help you.

ADDING HA FW`s to Panorama

 

  1. Connect firewalls to the Panorama:
    Panorama:
    a. Panorama -> Managed Devices -> Summary -> Add
    Enter device S/N. Enable Associate Devices checkbox. Generate Auth Key and copy it.
    b. Commit to Panorama.
    Firewall:
    a. Device -> Setup -> Panorama Settings
    Write the IP addresses of the Panorama SRVs. Paste created before Auth Key.
    b. Commit.

 

  1. Check connected device status in Panorama:
    Panorama -> Managed Devices -> Summary (the status should be connected)

 

  1. Disable config sync in firewalls:
    Device -> HA -> General -> Setup
    Commit

 

  1. Import firewall config to Panorama:
    Panorama -> Setup -> Operations -> Import device configuration to Panorama

(The same steps for both firewalls)
Commit to Panorama

 

  1. Leave just 1 Template Stack for HA devices:
    Panorama -> Templates

  2. Remove HA config from each template:
    Device -> HA -> Template -> Remove all
    (The same steps for both firwalls)
    Commit to Panorama

  3. Export or push device config bundle:
    Panorama -> Setup -> Operations -> Export or push device config bundle
    (The same steps for both firewalls)
    Commit -> Push to device

  4. Leave just 1 Device Group for HA devices:
    Panorama -> Managed Devices -> Summary
    Commit and Push

  5. Enable config sync on firewalls:
    Device -> HA -> General -> Setup
    Commit

 

 

 

 

 

  1. Plan the transition to Panorama Mgmt
  2. Disable config sync
  3. Add HA Firewalls to Panorama
  4. Verify that the device state for each firewall is connected
  5. Import each Firewall config into Panorama
  6. Add the HA firewall pair into the same device group and template stack
  7. Push the device group and template stack configuration changes to your managed firewalls
  8. Enable config sync

 

 

Migrate a Firewall HA Pair to Panorama Management and Reuse Existing Configuration

 

  1. Disable configuration synchronization between the HA peers on each peer.
  2. Add HA firewalls to Panorama mgmt.:
    a. Create a device registration auth key
    Panorama -> Device Registration Auth Key and Add a new auth key
    Copy Auth key and close.
    b. Add firewalls to a Panorama mgmt. server.
    Select Panorama -> Managed Devices -> Summary and Add a new firewall.
    Enter the firewall SN
    (No Need) Select Associate Devices to associate the fw with a device group.
    Enter the device registration auth key created before.
    Click ok.
    c. (No Need) Associate firewall with a device group.
    DISABLE Auto Push on 1st connect
    Click OK to add device.
    d. Configura the fw to communicate with Panorama.
    Login to the fw.
    Configure the Panorama setings.
    Device -> Setup -> Management and edi Panorama settings.
    Enter primary and secondary Panorama addresses and Auth key.
    Click OK and commit your changes.
    e. Auth using custom cert???
    f. Commit to Panorama and commit your changes.
    g. Verify that the firewalls is connected to Panorama.
    Panorama -> Managed Devices -> Summary.
    Device state should be shown as “Connected”.
  3. Import each firewall config into Panorama.
    a. Panorama -> Setup -> Operations and click Import device configuration to Panorama and select the device.
    b. Edit template name.
    c. Commit to Panorama.
    d. Panorama -> Setup -> Operations and Export or push device config bundle. Select the device, select ok and Push & Commit the configuration.
    e. Launch the Web Interface of the firewall HA peer and ensure that the configuration pushed in the previous step committed successfully. If not, Commit the changes locally on the firewall.
    f. Repeat Step 1-6 above on the second firewall. The process creates a device group and template stack per each firewall.

 

Best regards!

Rashadat Seyidzada
Azerbaijan, Baku
0 Likes Likes

R.Seyidzada
L1 Bithead

‎04-29-2024 01:03 AM

Hi.

 

I attached file here. HA pair FW`s adding to Panorama and configuration steps. I Hope will help you.

Best regards!

Rashadat Seyidzada
Azerbaijan, Baku
Preview file
16 KB
0 Likes Likes
  • 1780 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks