Configure an on-premises or VM-Series Firewall as a Master Device
Table of Contents
Configure an on-premises or VM-Series Firewall as a Master Device
Use the following procedure to configure an
on-premises or VM-series firewall as a Master Device.
- Create device groups for mobile users, remote networks, and service connection device groups as required, and specify the on-premises device as theMaster Device.
- Select .
- Adda new device group.
- Enter aNamefor the device group.
- Leave theParent Device GroupasShared.
- In theDevicesarea, select theNameof the on-premises or VM-Series device that you want to set as theMaster Device.
- SelectStore user and groups from Master Device if Reporting and Filtering on Groups is enabled in Panorama Settings.This option allows Panorama to locally store usernames, user group names, and group mapping information that it receives from the Master Device.
- ClickOK.The following screenshot creates a Master Device to be used for the service connection.
- Associate the device groups you created for your Prisma Access mobile user, remote network, or service connection deployment.
- To associate the device group with a mobile user deployment, select and edit the settings by clicking the gear icon in theSettingsarea and associate the device group you created for the service connection with theParent Device Group.
- To associate the device group with a remote network connection, select and edit the settings by clicking the gear icon in theSettingsarea and associate the device group you created for the remote network connection with theParent Device Group.
- To associate the device group with a service connection, select and edit the settings by clicking the gear icon in theSettingsarea and associate the device group you created for the service connection with theParent Device Group.
After you create a parent device group, Prisma Access automatically populates group mapping for the device group that is associated with the master device only. For the previous examples, the auto-population would occur only in theUser-ID DG Mobile Users,User-ID DG Remote Connection, andUser-ID DG Service Connectiondevice groups, and would not populate to the Mobile_User_Device_Group, Remote_Network_Device_Group, or Service_Conn_Device_Group device groups, respectively. - ClickOK.