How to Add a Locally Managed Firewall to Panorama Management

If you're trying to add a locally managed firewall to Panorama, here's a step-by-step guide on how to get it set up:

Quick Note:

The instructions here apply to older Panorama versions. If you're using a newer version, you should check out the following documentation:

• Add A Firewall as a Managed Device (11.1 version)

• Add A Firewall as a Managed Device (10.2 version)

What You Need to Do:

1. Import the Firewall Configuration into Panorama

   
   

   When you import the firewall’s configuration, Panorama will automatically create a template for the network and device settings. It will also create a device group for managing the policies and objects.

   
   

   Important: You can only import configurations from firewalls running PAN-OS 5.0 or later. However, newer Panorama versions (7.0 and up) can’t push or export configurations to firewalls running PAN-OS 6.0.3 or earlier.

Steps to Add the Firewall:

1. Add the Firewall to Panorama’s Managed Devices List

   • Log into Panorama and head to Panorama > Managed Devices. Click Add.

   • Enter the serial number of the firewall you want to add, then click OK.

   • Don’t forget to commit your changes by selecting Panorama as the commit type.

2. Set Up the Connection Between the Firewall and Panorama

   • Log in to the firewall and go to Device > Setup.

   • Edit the Panorama Settings, and in the Panorama Servers field, add the IP addresses of the Panorama server.

   • Click OK and commit the changes.

3. Import the Firewall Configuration into Panorama

   • In Panorama, go to Panorama > Setup > Operations.

   • Select Import device configuration to Panorama and pick the firewall.

   • Keep in mind that you can’t import a configuration if the firewall is already assigned to an existing device group or template.
     

     

4. Verify the Imported Configuration

   • You can check if the configuration imported correctly by comparing the running and candidate configuration via Panorama > Config Audit > Go.

   • If everything looks good, click Commit and choose Panorama as the commit type.

5. Push the Configuration Bundle to the Firewall

   • From Panorama > Setup > Operations, click Export or Push Device Config Bundle.

   • Select the device from which you imported the configuration and click OK.

   • Hit Push & Commit to send the configuration bundle to the firewall.

6. Make and Commit Any Additional Changes

   • If you need to make adjustments, go ahead and modify the configuration.

   • When you're ready, commit the changes to the device group by selecting Device Group as the commit type. Choose Merge with Device Candidate Config, tick the Include Device and Network Templates box, and hit Commit.