Panorama network and device templates not syncing to firewall

cancel
Showing results for 
Search instead for 
Did you mean: 

Panorama network and device templates not syncing to firewall

L0 Member

Hello,

 

We are trying to set up a new deployment in AWS consisting of two firewalls managed by a Panorama server. 

 

For starters, we deployed one firewall and one Panorama instance. They are in the same VPC, different subnets. Security groups currently allow all TCP to/from the Panorama server and the firewall.

 

Both Panorama and the firewall have been licensed successfully and have a device certificate retrieved after generating an OTP.

 

They are both on version 10.0.6.

 

The both have the predefined certificates specified under the secure communication settings

 

We got both firewalls connected to Panorama. We have device groups and templates defined. However, the issue we are having is that upon trying to deploy network and device templates, it seems like none of the settings are taking. The policy templates DOES seem to be deploying properly to both firewalls. 

 

No errors show up when pushing the settings, and we also checked the "Force Template Values" option.

 

I'm trying to figure out why this would happen, what are the prerequisites to get the network and device template settings to apply properly?  

3 REPLIES 3

L4 Transporter

Hi @JakeKremer 

 

thank you for posting question.

 

Based on all the inputs you have given, you meet all prerequisites to push Templates to managed firewall.

 

Could you please confirm below points?

- Are you having an issue only with Templates? Are settings that are being pushed in Device Group applied correctly to managed firewall?

- When you navigate in Panorama to: Panorama > Managed Devices > Summary > Template Last Commit State, what does it says? Does it says commit succeeded?

- Could you go to managed firewall and navigate to right bottom corner, then click on Tasks. When you push Templates from Panorama, are you seeing in real time that Commit task is getting executed and returns: Status: Completed / Result: Successful?

- Could you in managed firewall navigate to Configuration logs by going to: Monitor > Logs > Configuration > Then search an entry by using filter ( client eq Panorama )? Are you seeing Result as: Succeeded?

- The configuration you are pushing using Template, is it not applied at all? Are you able to see an icon similar to below?

PavelK_0-1630706295631.png

 

Thank you and Regards

Pavel

 

 

 

 

 

Pavel Kucera

L0 Member

Hey Pavel,

 

I opened a support case regarding this, and I guess the issue was actually that I needed to define a template stack in order for the device and network templates to push. I was unaware of this, and I thought that simply having the templates linked to a device would be enough. 

 

L4 Transporter

Thank you for update @JakeKremer 

 

I see, it makes sense. Template itself is just configuration place holder, but Template Stack is where you group all Templates and associate the manage Firewalls to:

 

PavelK_1-1631058481291.png

 

Without adding Templates to Template Stack, Template is not associated to any Firewall and therefore can't be pushed.

 

Kind Regards

Pavel

 

 

Pavel Kucera
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!