1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Manage Firewalls
    5. Add a Template
    Previous
    Next
    You must add at least one template before Panorama will display the Device and Network tabs required to define the network set up and device configuration elements for firewalls. Panorama supports up to 512 templates.
    		 You can avoid duplicating many configurations among templates by combining them into a template stack: see Templates and Template Stacks and Configure a Template Stack.
    Add a Template
    Add a template. Select Panorama > Templates. Click Add and enter a unique Name to identify the template. If the template has a virtual system (vsys) with configurations (for example, interfaces) that you want Panorama to push to firewalls that don’t have virtual systems, select it in the Default VSYS drop-down. In the Devices section, select check boxes to assign firewalls to the template. Whenever you add a new managed firewall to Panorama, you must assign it to the appropriate template; Panorama does not automatically assign new firewalls. When you perform a template commit, Panorama pushes the configuration to every firewall assigned to the template. ( Optional ) Select Group HA Peers to display a single check box for firewalls that are in a high availability (HA) configuration. Icons indicate the HA state: green for active and yellow for passive. The firewall name of the secondary peer is in parentheses. For active/passive HA, add both peers to the same template so that both will receive the configurations. For active/active HA, whether you add both peers to the same template depends on whether each peer requires the same configurations. For a list of the configurations that PAN-OS synchronizes between HA peers, see High Availability Synchronization. Click OK and Commit, for the Commit Type select Panorama, and click Commit again. Click Commit, for the Commit Type select Template, select the firewalls assigned to the template you just added, and click Commit again.
    Verify that the template is available. After you add the first template, Panorama displays the Device and Network tabs. These tabs display a Template drop-down. Check that the drop-down displays the template you just added.
    Use the template to push a configuration change to firewalls. Renaming a vsys is allowed only on the local firewall. If you rename a vsys on Panorama, you will create an entirely new vsys, or the new vsys name may get mapped to the wrong vsys on the firewall. Let’s define a primary Domain Name System (DNS) server for the firewalls in the template. In the Device tab, select the Template from the drop-down. Select Device > Setup > Services > Global, and edit the Services section. Enter an IP address for the Primary DNS Server. Click OK and Commit, for the Commit Type select Panorama, and click Commit again. Click Commit, for the Commit Type select Template, select the firewalls assigned to the template, and click Commit again.
    Verify that the firewall is configured with the template settings that you pushed from Panorama. In the Context drop-down, select one of the firewalls to which you pushed the template setting. Select Device > Setup > Services > Global. The IP address that you pushed from the template appears. The Services section header displays a template icon (green cog) to indicate that settings in the section have values pushed from a template.
    Previous
    Next

    Related Documentation

    Panorama > Templates

    Panorama > Templates Through the Device and Network tabs, templates enable you to deploy a common base configuration to multiple firewalls that require similar settings. ...

    Configure a Template Stack

    Configure a Template Stack A template stack is a combination of templates: Panorama pushes the settings from every template in the stack to the firewalls ...

    Override a Template Setting

    Override a Template Setting While Templates and Template Stacks enable you to apply a base configuration to multiple firewalls, you might want to configure firewall-specific ...

    Commit Your Changes in Panorama

    Commit Your Changes in Panorama Click Commit at the top right of the web interface to commit, validate, or preview your changes to the Panorama ...

    Transition a Firewall to Panorama Management

    Transition a Firewall to Panorama Management If you have already deployed Palo Alto Networks firewalls and configured them locally, but now want to use Panorama ...

    Create Template(s), and Device Group(s) on Panorama

    Create Template(s), and Device Group(s) on Panorama To manage the VM-Series NSX edition firewalls using Panorama, the firewalls must belong to a device group and ...

    Templates and Template Stacks

    Templates and Template Stacks You use templates to configure the settings that enable firewalls to operate on the network. Templates enable you to define a ...

    Use Case: Configure Firewalls Using Panorama

    Use Case: Configure Firewalls Using Panorama Let’s say that you want to use Panorama in a high availability configuration to manage a dozen firewalls on ...

    Configure Log Forwarding to Panorama

    Configure Log Forwarding to Panorama By default, firewalls store all log files locally. To aggregate logs on Panorama, you must configure the firewalls to forward ...

    Device > Virtual Systems

    Device > Virtual Systems A virtual system (vsys) is an independent (virtual) firewall instance that you can separately manage within a physical firewall. Each vsys ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo