1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Manage Firewalls
    5. Add a Template
    End-of-Life (EoL)
    Previous
    Next
    You must add at least one template before Panorama will display the Device and Network tabs required to define the network set up and device configuration elements for firewalls. Panorama supports up to 512 templates.
    		 You can avoid duplicating many configurations among templates by combining them into a template stack: see Templates and Template Stacks and Configure a Template Stack.
    Add a Template
    Add a template. Select Panorama > Templates. Click Add and enter a unique Name to identify the template. If the template has a virtual system (vsys) with configurations (for example, interfaces) that you want Panorama to push to firewalls that don’t have virtual systems, select it in the Default VSYS drop-down. In the Devices section, select check boxes to assign firewalls to the template. Whenever you add a new managed firewall to Panorama, you must assign it to the appropriate template; Panorama does not automatically assign new firewalls. When you perform a template commit, Panorama pushes the configuration to every firewall assigned to the template. ( Optional ) Select Group HA Peers to display a single check box for firewalls that are in a high availability (HA) configuration. Icons indicate the HA state: green for active and yellow for passive. The firewall name of the secondary peer is in parentheses. For active/passive HA, add both peers to the same template so that both will receive the configurations. For active/active HA, whether you add both peers to the same template depends on whether each peer requires the same configurations. For a list of the configurations that PAN-OS synchronizes between HA peers, see High Availability Synchronization. Click OK and Commit, for the Commit Type select Panorama, and click Commit again. Click Commit, for the Commit Type select Template, select the firewalls assigned to the template you just added, and click Commit again.
    Verify that the template is available. After you add the first template, Panorama displays the Device and Network tabs. These tabs display a Template drop-down. Check that the drop-down displays the template you just added.
    Use the template to push a configuration change to firewalls. Renaming a vsys is allowed only on the local firewall. If you rename a vsys on Panorama, you will create an entirely new vsys, or the new vsys name may get mapped to the wrong vsys on the firewall. Let’s define a primary Domain Name System (DNS) server for the firewalls in the template. In the Device tab, select the Template from the drop-down. Select Device > Setup > Services > Global, and edit the Services section. Enter an IP address for the Primary DNS Server. Click OK and Commit, for the Commit Type select Panorama, and click Commit again. Click Commit, for the Commit Type select Template, select the firewalls assigned to the template, and click Commit again.
    Verify that the firewall is configured with the template settings that you pushed from Panorama. In the Context drop-down, select one of the firewalls to which you pushed the template setting. Select Device > Setup > Services > Global. The IP address that you pushed from the template appears. The Services section header displays a template icon (green cog) to indicate that settings in the section have values pushed from a template.
    Previous
    Next

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo