Best practices for pushingv configuration changes management
from the Panorama™ management server to managed firewalls..
Panorama provides many ways to control pushing
configuration changes to managed firewalls. It is worthwhile to
understand what they are and adopt them in your day-to-day operations.
Before administrators push configuration
changes to managed firewalls, Require them to review the push scope
selection ()
to verify that the list of target firewalls is correct.
Even
if the device group hierarchy is designed correctly and the configuration changes
are well planned, there may be scenarios where configuration changes do
not need to be pushed to all firewalls at a given time due to different
maintenance windows. It is always a best practice to review the
list of target firewalls to ensure configuration changes are pushed
to only the intended managed firewalls.
Use the Force Template Values () setting sparingly.
A push with this setting enabled overwrites the entire managed firewall
configuration including any local firewall configuration.
