Set Up the Panorama Interconnect Plugin

How to install the Panorama™ Interconnect plugin on the Panorama Controller and Panorama Nodes.
Centralize the template stack and device group management of large scale firewall deployments using Panorama™ Interconnect to push replicated configurations from a Panorama Controller to Panorama Nodes to ensure consistency of firewall configurations and security policies. Panorama Interconnect allows you to establish a Panorama Controller with which to manage the Panorama Nodes, who manage the firewalls and push configurations. This allows you to manage the configuration of large scale firewall deployments from a single location, reducing the time you need to spend configuring multiple Panorama management servers, and reducing your security vulnerability in the event of a misconfiguration. Before setting up the Panorama Interconnect plugin on your Panorama management servers, review the Panorama Interconnect Requirements.
  1. Install the Panorama Interconnect plugin. You must install the plugin on the Panorama Controller, and all Panorama Nodes.
    1. Select
      Panorama
      Plugins
      and search for
      Interconnect
      .
    2. Download
      and
      Install
      the Panorama Interconnect plugin.
    3. Click
      Commit
      Commit to Panorama
      to finish installing the Panorama Interconnect plugin.
  2. Enable Authentication Between the Panorama Controller and Nodes to secure authentication between the Panorama Controller and Panorama Nodes.
  3. Set up the plugin on the Panorama Controller. Repeat this step on the high availability peer if the Panorama Controller is in an HA configuration.
    Once the Panorama has been configured as the Panorama Controller, you cannot reconfigure the Panorama Controller as a Panorama Node. Verify that you are configuring the correct Panorama management server as the Panorama Controller before continuing.
    1. Select
      Panorama
      Interconnect
      Setup
      and edit the
      Interconnect Plugin Setup
      :
    2. In the
      Server Mode
      field, select
      Yes
      .
    3. Select the
      Certificate Profile
      you created in Step 2.
    4. Click
      OK
      to save the settings.
      panorama-interconnect-controller-config.png
    5. Click
      Commit
      and
      Commit to Panorama
      .
  4. Set up the plugin on the Panorama Node. Repeat this step for all Panorama Nodes.
    1. Select
      Panorama
      Interconnect
      Setup
      and edit the
      Interconnect Plugin Setup
      :
      • In the
        Server Mode
        field, select
        No
        .
      • Manager Panorama IP
        —Enter the management IP address of the Panorama Controller.
      • HA Manager IP
        —If the Panorama Controller is in a High Availability configuration, enter the management IP address of the HA Panorama Controller peer.
      • Select the Panorama Node certificate you imported in Step 2.
    2. Click
      OK
      to save the settings.
      panorama-interconnect-client-config.png
    3. Click
      Commit
      and
      Commit to Panorama
      to finish setting up the plugin on the Panorama Node.
  5. Add the Panorama Nodes to the Panorama Controller.
    1. Select
      Panorama
      Interconnect
      Panorama Nodes
      and
      Add
      the Panorama Node.
      1. Enter a
        Name
        for the Panorama Node. This does not need to match Device Name set on the Panorama management server.
        A period (.) in the Panorama Node
        Name
        is not supported.
      2. Enter the
        Serial No
        of the Panorama Node.
      3. Enter the
        IP
        address of the Panorama Node. The IP address must be accessible to the Panorama Controller.
      4. Enter a
        Description
        of the Panorama Node.
    2. Click
      OK
      to add the Panorama Node.
      panorama-interconnect-add-panorama-client.png
    3. Click
      Commit
      and
      Commit to Panorama
      to finish adding the Panorama Node.
  6. Verify that the newly added Panorama Node is
    Connected
    .
    1. Select
      Panorama
      Interconnect
      Panorama Nodes
      .
    2. Find the Panorama Node you added, and verify that the Connection Status column displays
      Connected
      .
      panorama-interconnect-verify-client-add.png
  7. Once the plugin has been successfully installed on the Panorama Controller and Panorama Nodes, perform the next steps to complete setting up Panorama Interconnect:
    1. On the Panorama Controller, Add a Device Group. Repeat this step to create as many device groups as required.
    2. On the Panorama Controller, Configure a Template Stack. Repeat this step to create as many template stacks as required.
    3. Synchronize Panorama Interconnect to push the Panorama-specific configuration, as well as the template stack and device group configurations, from the Panorama Controller to the Panorama Nodes.
    4. On the Panorama Controller, add one or more firewalls to be managed by a Panorama Node.

Related Documentation