We are in a situation where we have over 50 Palo Altos that we have migrated to panorama over the years. Many of our Palos still have local rules on them as well as Panorama based rules. We would like to convert these firewalls to use only Panorama rules. To our understanding you can export the firewalls from Panorama and then import them again into Panorama and convert the local configuration to a Panorama based configuration. We are unable to remove the firewall from Panorama completely so that we can import it back to convert that configurationto Panorama only based rules.
After we disconnect the firewall from panorama
(Device>Setup>Management>Panorama Settings>Disable Panorama Policy & Objects) as well as (Device>Setup>Management>Panorama Settings>Disable Device and Network Template)
then we remove the device from "Device Groups" and from "Templates" we still end up with those Devices still showing in the Firewall policies. If we try to commit to Panorama the commit fails with a Validation error for the Device serial # saying that there is an ivalid reference for a security policy. In short my question is how do you remove a Firewall completely from Panorama?
