Skip to content
This repository has been archived by the owner on Jul 7, 2021. It is now read-only.

Configuration Sync #32

Open
miztertea opened this issue Jun 18, 2018 · 4 comments
Open

Configuration Sync #32

miztertea opened this issue Jun 18, 2018 · 4 comments

Comments

@miztertea
Copy link

My apologies if I missed something. But does this solution require Panorama? How are the configurations being synchronized between the Firewalls in different AZ's?

@jpeezus
Copy link
Contributor

jpeezus commented Jun 18, 2018

Transit VPC does NOT require Panorama but you can use a Panorama if you would like. As it stands the configurations are loaded via Bootstrapping but you can take the init-cfg.txt file and configure the Panorama information including device group and template information and once the the firewall bootstraps and connects to Panorama, the Panorama will send the DG and template config to the VM-Series.

Below is a link to an init-cfg.txt sample
https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/bootstrap-the-vm-series-firewall/create-the-init-cfg-txt-file

@miztertea
Copy link
Author

@jpeezus Thanks for the quick reply. This would be for the init correct? What if I update a rule in Firewall A? How does that rule get updated in Firewall B?

@jpeezus
Copy link
Contributor

jpeezus commented Jun 18, 2018

Yes that would be the init-cfg.txt file. In terms of changes on Firewall A to B that is where Panorama would make it easier because the firewalls will both be a member of the same Device Group.
If you are using the Bootstrap only then you have to export the config every time you change and change the snapshot to bootstrap.xml and place it in the bootstrap/config folder

Bootstrap Configuration Files
https://www.paloaltonetworks.com/documentation/71/virtualization/virtualization/bootstrap-the-vm-series-firewall/bootstrap-configuration-files#_67285

@Simbec
Copy link

Simbec commented May 30, 2019

Is anyone having issues with the configuration of the IPSec tunnels in the VM's after they joined to a Panorama?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants