Troubleshoot Automatically Reverted Firewall Configurations

View the configuration diff to asses what configuration changes cause the managed firewall to automatically revert its configuration.
If your managed firewall automatically reverts its configuration due to a configuration change that caused a connection to break between the Panorama™ management server and the firewall, you can troubleshoot the out-of-sync firewalls to determine what changes were made and to determine what aspects of that last configuration push caused the firewall revert its configuration.
  1. Verify that the managed firewall automatically reverted to the last running configuration.
    • On the firewall
      1. Click
        Tasks
        (bottom-right hand corner of the web interface).
      2. Verify that the last commit operation (either pushed from Panorama or committed locally) shows a
        Reverted
        status.
        check-commit-revert-firewall.png
    • On Panorama
      1. Select
        Panorama
        Managed Devices
        Summary
        .
      2. View the Shared Policy and Template sync status. If you have recently pushed a configuration from Panorama to your managed firewalls and it reverted, the Shared Policy or Template display as
        Out of Sync
        (depending on what configuration changes were made).
        check-commit-revert-panorama.png
  2. In the Last Merged Diff column for a managed firewall,
    Show Last Merged Config Diff
    ( magnifying-class-search.png ) to compare the current running configuration and the reverted configuration. In this example, a policy rule pushed from Panorama denied all traffic between the managed firewall and Panorama, which caused the firewall configuration to automatically revert.
    last-merg-configed-diff.png
  3. Modify configuration objects as needed as to not break the connection between the managed firewalls and Panorama before you re-push the configuration.

Recommended For You