This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to move firewalls between Panoramas

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

How to move firewalls between Panoramas

szabo_sandor
L0 Member

‎10-27-2022 12:46 PM

All NGFWs within a company are currently managed centrally from a central Panorama. The question is how to move a subsidiary's (business unit's) NGFWs and all related configurations (device groups, templates, template stackss, shared objects, etc.) from this central Panorama to a new Panorama installed locally at the subsidiary? We couldn't find a description for this use case, what are the steps to move some firewalls from one Panorama to another so that the moved firewall's operation is not interrupted and they can be managed from the new Panorama after the move?

0 Likes Likes
1 REPLY 1

TomYoung
Cyber Elite
Cyber Elite

‎10-27-2022 05:37 PM - edited ‎10-27-2022 05:40 PM

Hi @szabo_sandor ,

 

You mentioned moving "all related configurations".  So, I assume there is no configuration on the new Panorama.  In that case, you would remove the NGFW from Panorama following this document -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cmd6CAC being very sure to check the boxes to import the configurations locally.  You then have a locally managed NGFW.

 

The next step would be to follow this doc -> https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloRCAS to import your locally managed NGFW to Panorama.  Be very sure to follow step 5 and use the Panorama > Setup > Operations process to push the initial config to the device after import.  This step actually deletes the local policies and objects on the NGFW so that you do not get conflict errors. Do not use the Commit menu until afterwards.  

 

One step that is not in the 2nd doc is that is you want the Template values (Network and Device configuration) to be managed by Panorama you need to select Force Template Values when you do your 1st Commit and Push (or Commit to Panorama and Push to Devices).  Then all your policies, objects, network, and device configuration will be managed from Panorama.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
0 Likes Likes
  • 1078 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks