I'm just getting started with Pair of 5000's in Active/Passive and plan to manage them via Panorama. Should I be pushing policy to the 'primary' PA firewall or create a device group and push the policy to both? Second question: We plan on bringing up a secondary internret connection in about a year with a building and will be adding another pair of PA firewall. The internet connection will be redundent. Is there a way to push policy to multiple sets of firewalls other than through Pre and Post rules? How will be I be able to copy the rules that I've created in the coming year to this new set of firewalls?
... View more