This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Panorama network and device templates not syncing to firewall

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Panorama network and device templates not syncing to firewall

JakeKremer
L0 Member

‎09-03-2021 10:20 AM

Hello,

 

We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. 

 

For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently allow all TCP to/from the Panorama server and the firewall.

 

Both Panorama and the firewall have been licensed successfully and have a device certificate retrieved after generating an OTP.

 

They are both on version 10.0.6.

 

The both have the predefined certificates specified under the secure communication settings

 

We got both firewalls connected to Panorama. We have device groups and templates defined. However, the issue we are having is that upon trying to deploy network and device templates, it seems like none of the settings are taking. The policy templates DOES seem to be deploying properly to both firewalls. 

 

No errors show up when pushing the settings, and we also checked the "Force Template Values" option.

 

I'm trying to figure out why this would happen, what are the prerequisites to get the network and device template settings to apply properly?  

0 Likes Likes
3 REPLIES 3

PavelK
Cyber Elite
Cyber Elite

‎09-03-2021 03:01 PM

Hi @JakeKremer 

 

thank you for posting question.

 

Based on all the inputs you have given, you meet all prerequisites to push Templates to managed firewall.

 

Could you please confirm below points?

- Are you having an issue only with Templates? Are settings that are being pushed in Device Group applied correctly to managed firewall?

- When you navigate in Panorama to: Panorama > Managed Devices > Summary > Template Last Commit State, what does it says? Does it says commit succeeded?

- Could you go to managed firewall and navigate to right bottom corner, then click on Tasks. When you push Templates from Panorama, are you seeing in real time that Commit task is getting executed and returns: Status: Completed / Result: Successful?

- Could you in managed firewall navigate to Configuration logs by going to: Monitor > Logs > Configuration > Then search an entry by using filter ( client eq Panorama )? Are you seeing Result as: Succeeded?

- The configuration you are pushing using Template, is it not applied at all? Are you able to see an icon similar to below?

PavelK_0-1630706295631.png

 

Thank you and Regards

Pavel

 

 

 

 

 

Help the community: Like helpful comments and mark solutions.
0 Likes Likes

JakeKremer
L0 Member

‎09-07-2021 11:22 AM

Hey Pavel,

 

I opened a support case regarding this, and I guess the issue was actually that I needed to define a template stack in order for the device and network templates to push. I was unaware of this, and I thought that simply having the templates linked to a device would be enough. 

 

(1)

PavelK
Cyber Elite
Cyber Elite

‎09-07-2021 04:49 PM

Thank you for update @JakeKremer 

 

I see, it makes sense. Template itself is just configuration place holder, but Template Stack is where you group all Templates and associate the manage Firewalls to:

 

PavelK_1-1631058481291.png

 

Without adding Templates to Template Stack, Template is not associated to any Firewall and therefore can't be pushed.

 

Kind Regards

Pavel

 

 

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 4631 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks