1. Home
    2. Panorama
    3. Panorama Administrator's Guide
    4. Manage Firewalls
    5. Transition a Firewall to Panorama Management
    6. Localize a Panorama Pushed Configuration on a Managed Firewall

    Localize a Panorama Pushed Configuration on a Managed Firewall

    Localize the template and device group configuration pushed from a Panorama™ management server on a managed firewall.
    You can localize the template and device group configurations pushed from the Panorama™ management server to:
    • Remove the firewall from Panorama management.
    • Migrate firewall management to a different Panorama.
    • In the case of an emergency where Panorama is not accessible, ensure administrators can modify the managed firewall configuration locally.
    1. Launch the web interface of the managed firewall as an administrator with the Superuser role. You can directly access the firewall by entering its IP address in the browser URL field or, in Panorama, select the firewall in the
      Context
       drop-down.
    2. (
      Best Practice
      ) Select
      Device
      Setup
      Operations
       and
      Export device state
      .
      Save a copy of the firewall system state, including device group and template settings pushed from Panorama, in the event you need to reload a known working configuration on the managed firewall.
    3. Disable the template configuration to stop using template and template stacks to manage the network configuration objects of the managed firewall.
      1. Select
        Device
        Setup
        Management
         and edit the Panorama Settings.
      2. Click
        Disable Device and Network Template
        .
      3. (
        Optional
        ) Select
        Import Device and Network Template before disabling
         to save the template configuration settings locally on the firewall. If you do not select this option, PAN-OS deletes all Panorama-pushed settings from the firewall.
      4. Click
        OK
         twice to continue.
    4. Disable the device group configuration to stop using a device group to manage the policy and object configurations of the managed firewall.
      1. Select
        Device
        Setup
        Management
         and edit the Panorama Settings.
      2. (
        Optional
        ) Select
        Import Panorama Policy Objects before disabling
         to save the policy and object configurations locally on the firewall. If you do not select this option, PAN-OS deletes all Panorama-pushed configurations from the firewall.
      3. Click
        OK
         to continue.
      Do not attempt to commit your configuration changes on the managed firewall yet as all commits fail until the following steps are successfully completed.
    5. Select
      Device
      Setup
      Operations
       and
      Save named configuration snapshot
      .
    6. Load named configuration snapshot
       and enable (check)
      Regenerate Rule UUIDs for selected named configuration
       to generate new policy rule UUIDs.
      This step is required to successfully localize the Panorama-pushed policy rules on the managed firewalls.
    7. Click
      OK
       to load the named configuration snapshot.
    8. Commit
       the named configuration snapshot load.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo