Add a Device Group
After adding firewalls (see Add a Firewall as a Managed Device), you can group them into Device Groups (up to 1,024), as follows. Be sure to assign both firewalls in an active-passive high availability (HA) configuration to the same device group so that Panorama will push the same policy rules and objects to those firewalls. PAN-OS doesn’t synchronize pushed rules across HA peers. To manage rules and objects at different administrative levels in your organization, Create a Device Group Hierarchy.
- Select, and clickPanoramaDevice GroupsAdd.
- Enter a uniqueNameand aDescriptionto identify the device group.
- In the Devices section, select check boxes to assign firewalls to the group. To search a long list of firewalls, use the Filters.You can assign any firewall to only one device group. You can assign each virtual system on a firewall to a different device group.
- In the Reference Template section,Addany templates or template stacks with objects referenced by the device group configuration.You must assign the appropriate template or template stack references to the device group in order to successfully associate the template or template stack to the device group. This allows you to reference objects configured in a template or template stack without adding an unrelated device to a template stack.Skip this step if the device group configuration does not reference any objects configured in a template or template stack.
- (Optional) SelectGroup HA Peersfor firewalls that are HA peers.The firewall name of the passive or active-secondary peer is in parentheses.
- Select theParent Device Group(default isShared) that will be just above the device group you are creating in the device group hierarchy.
- If your policy rules will reference users and groups, assign aMasterfirewall.This will be the only firewall in the device group from which Panorama gathers username and user group information.
- ClickOKto save your changes.
- Selectand thenCommitCommit and PushCommit and Pushyour changes to the Panorama configuration and to the device group you added.
Configure a Template Stack
Configure a Template Stack A template stack is configurable and allows you to combine multiple templates to push full configurations to your managed firewalls. While ...
Plan Your Multi-NSX Deployment
Plan Your Multi-NSX Deployment You must carefully plan your device group hierarchy and template stacks and consider how they interact with the other components needed ...
Template Stacks You can configure a template stack or assign templates to a template stack. Assigning firewalls to a template stack allows you to push ...
Create Template(s), Template Stack(s), and Device Group(s) on Panorama
Create Template(s), Template Stack(s), and Device Group(s) on Panorama To manage the VM-Series firewalls for NSX using Panorama, the firewalls must belong to a device ...
Configure a Template or Template Stack Variable
How to create a variable in a template or template stack and push it to firewalls and appliances. ...
Create a Device Group Hierarchy
Create a Device Group Hierarchy Plan the Device Group Hierarchy . Decide the device group levels, and which firewalls and virtual systems you will assign ...
Templates and Template Stacks
Overview of template and template stack configuration functionality. ...
Import and Overwrite Existing Template Stack Variables
Import template or template stack variables to easily reuse template or template stacks. ...
Add a Template
Add a Template You must add at least one template before Panorama™ displays the Device and Network tabs required to define the network setup and ...