Add a Device Group
After adding firewalls (see Add a Firewall as a Managed Device), you can group them into Device Groups (up to 1,024), as follows. Be sure to assign both firewalls in an active-passive high availability (HA) configuration to the same device group so that Panorama will push the same policy rules and objects to those firewalls. PAN-OS doesn’t synchronize pushed rules across HA peers. To manage rules and objects at different administrative levels in your organization, Create a Device Group Hierarchy.
- Select PanoramaDevice Groups, and click Add.
- Enter a unique Name and a Description to identify the device group.
- In the Devices section, select check boxes to assign
firewalls to the group. To search a long list of firewalls, use
the Filters.You can assign any firewall to only one device group. You can assign each virtual system on a firewall to a different device group.
- (Optional) Select Group HA Peers for
firewalls that are HA peers.The firewall name of the passive or active-secondary peer is in parentheses.
- Select the Parent Device Group (default is Shared) that will be just above the device group you are creating in the device group hierarchy.
- If your policy rules will reference users and groups,
assign a Master firewall.This will be the only firewall in the device group from which Panorama gathers username and user group information.
- Click OK to save your changes.
- Select CommitCommit and Push and then Commit and Push your changes to the Panorama configuration and to the device group you added.
Create a Device Group Hierarchy
Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...
Panorama > Device Groups
Panorama > Device Groups Device groups comprise firewalls and virtual systems you want to manage as a group, such as the firewalls that manage a ...
Migrate a Firewall to Panorama Management
Migrate a Firewall to Panorama Management When you import a firewall configuration, Panorama automatically creates a template to contain the imported network and device settings. ...
Manage Unused Shared Objects
Manage Unused Shared Objects When you push configuration changes Device Groups , by default Panorama pushes all shared objects to firewalls whether or not any ...
Device Group Objects
Device Group Objects Objects are configuration elements that policy rules reference, for example: IP addresses, URL categories, security profiles, users, services, and applications. Rules of ...
Manage Precedence of Inherited Objects
Manage Precedence of Inherited Objects By default, when device groups at different levels in the Device Group Hierarchy have an object with the same name ...
Manage Device Groups
Manage Device Groups Add a Device Group Create a Device Group Hierarchy Create Objects for Use in Shared or Device Group Policy Revert to Inherited ...
Plan Your Multi-NSX Deployment
Plan Your Multi-NSX Deployment You must carefully plan your device group hierarchy and template stacks and consider how they interact with the other components needed ...
Policy Enforcement using Dynamic Address Groups
Policy Enforcement using Dynamic Address Groups Unlike the other versions of the VM-Series firewall, because both virtual wire interfaces (and subinterfaces) belong to the same ...