1. Home
    2. PAN-OS
    3. PAN-OS ® New Features Guide
    4. Panorama Features
    5. Admin-Level Commit with Policy Reordering

    Admin-Level Commit with Policy Reordering

    Commit configuration changes to your policy rulebase reordering on the Panorama management server.
    The Panorama management server running PAN-OS 11.0.1 enables Panorama admin to commit or revert their own policy rulebase reordering configuration changes. This enables and supports concurrent Panorama admins making policy reordering changes and does not require you to commit or revert all configuration changes on Panorama when policy rulebase reordering is required. Additionally, this allows you to accurately track and audit policy rulebase reordering changes made by each individual admin. Admin-level commit and revert of policy reordering changes is supported when adding a new policy rule between existing rules, moving and reordering existing policy rules, and deleting an existing policy rule. A configuration log is generated when an admin-level commit or revert for a policy rulebase reordering is performed.
    When you preview your configuration commit, a policy rule added between existing policy rules is displayed as a modified configuration object rather than an added configuration object. For example,
    Policy1
     and
    Policy2
     are existing policy rules. A Panorama admin later creates
    Policy3
     and adds the policy rule between
    Policy1
     and
    Policy2
    . When the Panorama admin goes to preview the configuration changes,
    Policy3
     is displayed as a modified configuration object.
    Panorama must be running PAN-OS 11.0.1 to perform an admin-level commit when a policy rulebase is reordered and then push the change to managed firewalls.
    2. Reorder a policy rulebase.
      • Reorder a Policy Rulebase
         In your
        Policies
        , reorder a policy rulebase.
        • Add
           a new policy rule in-between existing policy rules.
        • Select and
          Delete
           a policy rule ordered between two other policy rules.
          Deleting a policy rule at the bottom of your policy rulebase is not considered reodering.
        • Select and
          Move
           a policy rule.
      • Revert the Panorama Configuration
        —Select
        Panorama
        Setup
        Operations
         and revert the Panorama configuration.
        Please note that any other configuration changes associated with the device group are also reverted.
        1. Revert to last saved Panorama configuration
           or
          Revert to running Panorama configuration
          .
        2. Select Device Groups & Templates
          .
        3. Select the device group the policy rulebase you reordered is a part of and click
          OK
          .
        4. You are prompted that the specified device group is reverted. Click
          OK
           to continue.
    3. Select
      Commit
       and
      Commit to Panorama
      .
    4. Select
      Commit Changes Made By
       and verify the device group and associated policy rulebase reordering changes are displayed in the Commit Scope
    5. Commit
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo