Admin-Level Commit with Policy Reordering

Commit configuration changes to your policy rulebase reordering on the Panorama management server.
The Panorama management server running PAN-OS 11.0.1 enables Panorama admin to commit or revert their own policy rulebase reordering configuration changes. This enables and supports concurrent Panorama admins making policy reordering changes and does not require you to commit or revert all configuration changes on Panorama when policy rulebase reordering is required. Additionally, this allows you to accurately track and audit policy rulebase reordering changes made by each individual admin. Admin-level commit and revert of policy reordering changes is supported when adding a new policy rule between existing rules, moving and reordering existing policy rules, and deleting an existing policy rule. A configuration log is generated when an admin-level commit or revert for a policy rulebase reordering is performed.
When you preview your configuration commit, a policy rule added between existing policy rules is displayed as a modified configuration object rather than an added configuration object. For example,
are existing policy rules. A Panorama admin later creates
and adds the policy rule between
. When the Panorama admin goes to preview the configuration changes,
is displayed as a modified configuration object.
Panorama must be running PAN-OS 11.0.1 to perform an admin-level commit when a policy rulebase is reordered and then push the change to managed firewalls.
  1. Reorder a policy rulebase.
    • Reorder a Policy Rulebase
      In your
      , reorder a policy rulebase.
      • Add
        a new policy rule in-between existing policy rules.
      • Select and
        a policy rule ordered between two other policy rules.
        Deleting a policy rule at the bottom of your policy rulebase is not considered reodering.
      • Select and
        a policy rule.
    • Revert the Panorama Configuration
      and revert the Panorama configuration.
      Please note that any other configuration changes associated with the device group are also reverted.
      1. Revert to last saved Panorama configuration
        Revert to running Panorama configuration
      2. Select Device Groups & Templates
      3. Select the device group the policy rulebase you reordered is a part of and click
      4. You are prompted that the specified device group is reverted. Click
        to continue.
  2. Select
    Commit to Panorama
  3. Select
    Commit Changes Made By
    and verify the device group and associated policy rulebase reordering changes are displayed in the Commit Scope
  4. Commit

Recommended For You