Automatically revert the firewall and Panorama™ management
server to the last the running configuration to automatically when
the firewall loses connection to Panorama.
Recovering isolated firewalls can be painful
as it can result in unintended downtime and a loss in productivity.
PAN-OS 9.1.0 introduces the ability for managed firewalls to check
for connectivity to the Panorama™ management server and automatically
revert to the last running configuration when the firewall is unable
to communicate with Panorama. This helps you quickly resolve any
configuration or connectivity issues without the need for manual
Automatic commit recovery allows you to configure
the firewall to attempt a specified number of connectivity tests
after you push a configuration from Panorama or commit a configuration
change locally on the firewall. Additionally, the firewall checks
connectivity to Panorama every hour to ensure consistent communication
in the event unrelated network configuration changes have disrupted
connectivity between the firewall and Panorama or if implications
to a pushed committed configuration may have affected connectivity.
If an hourly connectivity check fails, the firewall generates a
system log to alert admins of potential configuration or network
connectivity issues. Additionally, a system log is generated when
you disable the setting, a connectivity test fails, or when a firewall
configuration reverts to the last running configuration.
high availability (HA) firewall configurations, each HA peer performs
connectivity tests independently of each other, and HA config syncs
may only occur after each HA successfully tests connectivity to
Panorama and verifies their connection.