Use Case - Onboarding New Next-Generation Firewalls to Panorama

1. Associate Devices or Import multiple firewalls to streamline the onboarding process.
   • Associate the firewalls with a device group, template stack, Collector Group, and Log Collector as you add them to Panorama from one location rather than manually associating the firewalls after they have been successfully added to Panorama.
   • If you are adding a large number of firewalls, import all your new firewalls to Panorama in a CSV file. This CSV file allows you to associate all your firewalls with a device group, template stack, Collector Group, and Log Collector rather than manually associating them. This option is especially beneficial when adding a large number of firewalls where manually associating the firewalls would take a long time to complete.
2. Enable Auto Push on 1st Connect and configure the To SW Version to automatically push the device group and template stack configurations to your managed firewalls when they first successfully connect to Panorama and upgrade your managed firewalls to a specified PAN-OS version of your choosing. This includes automatically installing all required content updates for each PAN-OS version in the PAN-OS upgrade path.
   • If you are importing all your new firewalls to Panorama in a CSV file, enable Auto Push on 1st Connect and configure the To SW Version in the CSV file to streamline the import process.
   • When implementing role-based access control, leverage device group and template admins to add firewalls to device groups and templates within their access domain rather than enabling superuser privileges for all Panorama admins.
3. After you successfully add your firewalls to Panorama, create and apply tags to make your managed firewalls easier to search and filter. This helps you keep your managed firewalls organized as the number of firewalls you manage using Panorama grows.
4. If you are deploying firewalls in remote sites with little to no IT staff, set up Zero Touch Provisioning (ZTP) to streamline initial firewall deployment by automating new managed firewall onboarding without the need for network or IT administrators at the remote site.