How to identify local configuration changes on NGFW’s managed by SCM
First log into SCM and then navigate to the “Manage>Configuration>NGFW and Prisma Access” tabs.
Now click on the “Configuration Scope” and find the folders for the firewalls or firewall you want to look at.
Now that you are in the configuration scope of “All Firewalls”, make sure you are on the overview tab. You will now see any conflicts under “Variables”. Any firewalls with a conflict will show with a link “View Conflicts”. Click on the link.
This will bring you to all the firewalls with a conflict. You can also see how many conflicts and their locations.
Click on a firewall to view the conflicts.
On this firewall I can see there are conflicts in the objects in the general and services configurations.
When you click on the link to the conflict it will bring you to that part of the configuration.
In this example it takes me to the Device Setup tab. I can see the configuration on the General Settings tab and Services tab show a conflict with the local device configs.
By clicking on the “Show Config Diff” I can see what is configured on the local device versus SCM.
This allows you to identify what has been changed and whether or not it needs to be done from SCM.
On the next firewall it shows a conflict with an ethernet port and that it has been overwritten on the local configuration. By clicking on the link it will take you into the configuration.
On the top of the configuration you will see an option to “Show local device configs”. By sliding the option over you can see what is configured locally.
You can also use the “Show Config Diff” like before to see the difference in the local versus SCM pushed configuration.
