End-of-Life (EoL)

Add a Device Group

After adding firewalls (see Add a Firewall as a Managed Device), you can group them into Device Groups (up to 1,024), as follows. Be sure to assign both firewalls in an active-passive high availability (HA) configuration to the same device group so that Panorama will push the same policy rules and objects to those firewalls. PAN-OS doesn’t synchronize pushed rules across HA peers. To manage rules and objects at different administrative levels in your organization, Create a Device Group Hierarchy.
  1. Select
    Device Groups
    , and click
  2. Enter a unique
    and a
    to identify the device group.
  3. In the Devices section, select check boxes to assign firewalls to the group. To search a long list of firewalls, use the Filters.
    You can assign any firewall to only one device group. You can assign each virtual system on a firewall to a different device group.
  4. (
    ) Select
    Group HA Peers
    for firewalls that are HA peers.
    The firewall name of the passive or active-secondary peer is in parentheses.
  5. Select the
    Parent Device Group
    (default is
    ) that will be just above the device group you are creating in the device group hierarchy.
  6. If your policy rules will reference users and groups, assign a
    This will be the only firewall in the device group from which Panorama gathers username and user group information.
  7. Click
    to save your changes.
  8. Select
    Commit and Push
    and then
    Commit and Push
    your changes to the Panorama configuration and to the device group you added.

Recommended For You