>
    Manage: Snippets
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Manage: NGFW and Prisma Access
    4. Manage: Configuration Scope
    5. Manage: Snippets
    Download PDF
    Strata Cloud Manager

    Manage: Snippets

    Table of Contents

    Manage: Snippets

    Use snippets to group configurations that you can quickly push to your firewalls or deployments.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • NGFW (Managed by Strata Cloud Manager)
    • NGFW (Managed by PAN-OS or Panorama)
    • VM-Series, funded with Software NGFW Credits
    • AIOps for NGFW Premium license (use the Strata Cloud Manager app)
    • Prisma Access
       license
    Use snippets to group configurations that you can quickly push to your firewalls or deployments.
    A snippet is a configuration object which cannot fit into a hierarchy, or grouping of configuration objects, that you can associate with a folder, deployment, or device. Snippets are used to standardize a common base configuration for a set of firewalls or deployments allowing you to quickly onboard new devices with a known good configuration and reducing the time required to onboard a new device. For example, you onboard a new firewall in a remote branch office. You can associate a set of snippets that contain all of the required network and policy rule configurations with the folder the new firewall belongs to. This reduces the time required to set up the firewall to protect the remote branch office.
    Snippet associations have a top-down priority in the event of conflicting object values. Rules with duplicate names are not allowed, and validation fails during the creation of a snippet with the same name in any folder or while associating a snippet to a folder if the snippet with the same name is already associated.
    This means that if the first and the last associated snippets have different values for the same object, the value from the first snippet is inherited by the device or deployment. Additionally, all configurations inherited from a snippet can be overridden at the child folder, deployment, or device level.
    Within a folder hierarchy, a snippet might only be associated one time within any folder hierarchy. This means that a snippet can’t be associated with both a folder and the folder nested under it. However, you can associate the same snippet with different folders or folders nested under different folders. Snippets that are already associated with a folder in the folder hierarchy are grayed out so they can’t be used more than once where applicable.

    Create a Snippet

    Create and associate a snippet with a folder, deployment, or device to apply a common base configuration to a group of devices. You can associate as many snippets with a folder, deployment, or device as needed.
    Snippets can be modified and reassociated with any folder, deployment, or device at any time after creation.
    Custom snippets that are no longer in use can be deleted.
    1. Log in to
      Strata Cloud Manager
      .
    2. Select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
       and expand the Configuration Scope to view the
      Snippets
      .
    3. Add Snippet
      .
    4. Create the snippet.
      1. Give the snippet a descriptive
        Name
        .
      2. (
        Optional
        ) Enter a
        Description
         for the snippet.
      3. (
        Optional
        ) Assign one or more
        Labels
        .
        You can select an existing label or create a new label by typing the label you wanted to create.
      4. Create
        .
        Newly created snippets are listed categorised under
        Local
         snippets. After the snippets are published, they are moved under Published snippets.
    5. Create your snippet configuration.
      You’re now in the Configuration Scope for the snippet. All configurations you create while in the snippet scope occurs only for the snippet.
      While in the snippet scope, you can review the snippet
      Overview
       to see detailed information about the snippet. This includes information such as the number of variables, information about the snippet was created and last updated, and the list of all folders, deployments, and devices the snippet is associated with.
    6. Associate a snippet.
      1. Select
        Manage
        Configuration
        NGFW and Prisma Access
        Overview
         and expand the Configuration Scope to view the
        Config Tree
        .
      2. Select the folder, deployment, or device you want to associate the snippet with.
      3. Edit the
        Config Snippet
        .
      4. Add the snippets that you want to associate and order them as needed.
      5. Close
        .
    7. Push Config
       to push your configuration changes to your network.

    Modify a Snippet

    Modify your snippet configurations, details, and associations.
    Custom snippets no longer associated with a folder, deployment, or device can be deleted.
    1. Log in to
      Strata Cloud Manager
      .
    2. Select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
       and expand the Configuration Scope to view the
      Snippets
      .
    3. Select the snippet you want to modify.
      After you select a snippet, you’re redirected to the snippet
      Overview
      .
    4. (
      Optional
      ) Edit the snippet to modify the
      Name
      ,
      Description
      , or to change or assign additional
      Labels
      . Enable or disable
      Pause Update
       to see the config diffs and decide to accept the change.
    5. Edit the
      Snippet Associations
       to reassociate the snippet with a different folder, deployment, or device or to associate the snippet with additional folders, deployments, or devices.
      Exit the snippet reassociation screen to apply the changes.
    6. Make any changes to the snippet configuration as needed.
    7. Push Config
      .

    Delete a Snippet

    Delete your custom snippets to keep your configurations organized. Snippets must be unassociated with any firewalls, folders, or deployments before they are able to be deleted. Deleting predefined snippets is not supported.
    1. Log in to
      Strata Cloud Manager
      .
    2. Select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
       and expand the
      Configuration Scope
       to view the Snippets.
    3. Click the three vertical dots of the custom snippet you want to delete.
    4. Delete
       the snippet.
      Snippets currently associated with folders, deployments, or devices can't be deleted. You must first edit the
      Snippet Associations
       to remove all existing associations before it can be deleted.

    Clone a Snippet

    If you want to use an existing snippet as a template for a new snippet, you can easily clone it so you do not have to configure a completely new object.
    Cloned snippets are not associated with any devices, folders, or deployments, allowing you to customize them freely without having to disassociate them before you begin your configurations.
    1. Log in to
      Strata Cloud Manager
      .
    2. Select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
       and expand the
      Configuration Scope
       to view the Snippets.
    3. Click the three vertical dots of the custom snippet you want to clone.
    4. Clone
       the snippet.
      1. (
        Optional
        ) Give the cloned snippet a new name.

    Share Snippet Configuration Between Tenants

    This feature provides a unique and flexible way to share common configuration across any tenants including multitenant environment. You can save and manage any combination of configuration as a snippet, seamlessly sharing them across tenants under a customer account. This offers tremendous flexibility and control in managing shared configuration across tenants.
    This feature offers a variety of use cases such as updating configurations from lab to production environments, migrating configurations between tenants, centralizing configuration management for common use cases across tenants, and managing global configurations in a multibusiness unit setup.
    • Publisher tenant is the tenant who is sharing snippets with the subscriber tenant.
    • Subscriber tenant is the tenant receiving snippets from the publisher tenant
    1. Log in to
      Strata Cloud Manager
      .
    2. On the publisher tenant, select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
      , select the
      Global
       configuration scope.
    3. Establish Trust Between the Tenants
      : Set up a connection between the subscriber and publisher tenants to enable snippet sharing.
      1. Click
        Subscriber Tenant
         under
        Trusted Tenants for Snippet Sharing
        .
      2. Add Subscriber Tenant
        .
      3. Enter the
        TSG ID
         to add as a subscriber tenant, and
        Check TSG ID
         to validate. This validation ensures no usage of randomly generated TSG or Serialized TSG based attacks.
        The success message indicates that the TSD ID has been validated.
      4. Next: Generate Pre Shared Key
        .
        Copy the generated PSK; you enter this PSK when you validate the publisher tenant in step 4.
    4. Go to subscriber tenant, select
      Manage
      Configuration
      NGFW and Prisma Access
      Overview
       and set the configuration scope to
      Global
      .
      1. The
        Publisher Tenants
         status under
        Trusted Tenants for Snippet Sharing
         shows as
        Pending
        .
      2. Click
        Publisher Tenants
         and
        Enter Pre Shared Key
         generated in the previous step, and
        Validate
         the subscriber tenant.
        After successful validation, a message appears that tenant has been identified as a trusted tenant, which means that the trust has been established between the subscriber and publisher tenant.
    5. Publish Snippet to a subscriber tenant.
      1. Create and associate snippet to a folder.
        Newly created snippets are available under
        Local
         snippets. The following tabs appear for local sharable snippets.
        • Overview
           shows the snippet name, description, created time, which is the time when snippet was loaded on the subscriber side, and last updated time, and labels details.
        • Subscriber Tenants
           shows the tenant name, published version on the tenant, last published date, and publish status.
          • Click
            Published Version
             to view configuration difference.
          • Before publishing snippet to a tenant,
            Add Subscriber
             and
            Save
             it.
        • Version Snapshots
           gives you a view into your snippet configuration history. Version Snapshot screen is the place to compare config snapshots with your configuration candidate, and
          Save Version Snapshot
           or
          Load
           an earlier configuration snapshot to use as your candidate configuration. Click the
          Version
           number to view configuration difference.
        • Audit History
           provides an audit trail of all actions initiated by the administrator. It provides logs on published version number, changes made, the owner of the change, the date and time of the change, and the detail of the change.
      2. On the
        Subscriber Tenant
         tab, select the tenant name and
        Publish
        .
        The publish request is sent to the subscriber tenant. The
        Status
         column says Snippet Successfully published to subscriber and the snippet will be available under Published snippets.
    6. Verify on the subscriber tenant.
      1. Go to
        Overview
        Configuration Scope
        Snippets
        , and select the snippet under
        Subscribed
         snippets.
        You're redirected to the snippet
        Overview
         which shows the name of the publisher tenant, description, TSG ID, time when the snippet was created, last updated time, labels, and pause update details.
    7. Delete the trust
      Subscribed snippets associated with folders or Firewalls can only be cloned and can't be deleted.
      1. Go to subscriber or publisher tenant.
      2. Click
        Subscriber Tenant
         under
        Trusted Tenants for Snippet Sharing
        .
      3. Select the
        Tenant Name
        , and
        Delete Trust
        .
      After deletion of trust, the snippet loses association with the Firewall or folder and becomes a local snippet.

    Snippet Classification

    • Predefined: Predefined snippets are available to all Strata Cloud Manager users and can be used to quickly get your new firewalls and deployments up and running with best practice configurations.
    • Local: Local snippets are created locally on the tenant but not shared with any subscriber tenant, which you can close and edit.
    • Published: Published snippets are shared with trusted subscriber tenants, which you can clone and edit.
    • Subscribed: Subscriber tenants are shared by the publisher tenant, which you can only clone and cannot edit.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.