PAN-OS ® New Features Guide
  • PAN-OS ® New Features Guide
  • All PAN-OS Documentation
  • All Documentation
PAN-OS ® New Features Guide
: Admin-Level Commit with Policy Reordering
Focus
Download PDF
Focus
  1. Home
  2. PAN-OS
  3. PAN-OS ® New Features Guide
  4. Panorama Features
  5. Admin-Level Commit with Policy Reordering
Download PDF

PAN-OS ® New Features Guide

Admin-Level Commit with Policy Reordering

Table of Contents
End-of-Life (EoL)
Commit configuration changes to your policy rulebase reordering on the Panorama management server.
The Panorama management server running PAN-OS 11.0.1 enables Panorama admin to commit or revert their own policy rulebase reordering configuration changes. This enables and supports concurrent Panorama admins making policy reordering changes and does not require you to commit or revert all configuration changes on Panorama when policy rulebase reordering is required. Additionally, this allows you to accurately track and audit policy rulebase reordering changes made by each individual admin. Admin-level commit and revert of policy reordering changes is supported when adding a new policy rule between existing rules, moving and reordering existing policy rules, and deleting an existing policy rule. A configuration log is generated when an admin-level commit or revert for a policy rulebase reordering is performed.
When you preview your configuration commit, a policy rule added between existing policy rules is displayed as a modified configuration object rather than an added configuration object. For example, Policy1 and Policy2 are existing policy rules. A Panorama admin later creates Policy3 and adds the policy rule between Policy1 and Policy2. When the Panorama admin goes to preview the configuration changes, Policy3 is displayed as a modified configuration object.
Panorama must be running PAN-OS 11.0.1 to perform an admin-level commit when a policy rulebase is reordered and then push the change to managed firewalls.
  1. Log in to the Panorama web interface.
  2. Reorder a policy rulebase.
    • Reorder a Policy Rulebase In your Policies, reorder a policy rulebase.
      • Add a new policy rule in-between existing policy rules.
      • Select and Delete a policy rule ordered between two other policy rules.
        Deleting a policy rule at the bottom of your policy rulebase is not considered reodering.
      • Select and Move a policy rule.
    • Revert the Panorama Configuration—Select PanoramaSetupOperations and revert the Panorama configuration.
      Please note that any other configuration changes associated with the device group are also reverted.
      1. Revert to last saved Panorama configuration or Revert to running Panorama configuration.
      2. Select Device Groups & Templates.
      3. Select the device group the policy rulebase you reordered is a part of and click OK.
      4. You are prompted that the specified device group is reverted. Click OK to continue.
  3. Select Commit and Commit to Panorama.
  4. Select Commit Changes Made By and verify the device group and associated policy rulebase reordering changes are displayed in the Commit Scope
  5. Commit.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.