Removing the Firewall Integration as PAN
If any firewall for a FireNet is already integrated with PAN as the Vendor type, you need to remove that configuration.
- Navigate to Security > Firewall and select a PAN VM-Series firewall.
- Click the link icon and remove it from the FireNet.
Removing Firewall Configuration
If this is a new VM, skip this step. From your firewall console, remove the interfaces, zone, virtual router, policies, API admin role, and API administrator.
Adding Firewall to Panorama
Refer to How to Add a Locally Managed Firewall to Panorama Management.
- Add the firewall to the Panorama-managed devices list.
  - Log in to Panorama, select Panorama > Managed Devices, and click Add.
  - Enter the serial number of the firewall and click OK.
  - Commit. For the Commit Type, select Panorama and click Commit again.
- Set up a connection from the firewall to Panorama.
  - Log in to the firewall, select Device > Setup, and edit the Panorama Settings.
  - In the Panorama Servers fields, enter the IP addresses of the Panorama management server.
  - Click OK and Commit.
- Make any necessary configuration changes and commit your changes to the VMs.
  - Click Commit and for the Commit Type select Device Group.
  - Select Merge with Device Candidate Config, mark the Include Device and Network Templates checkbox, and click Commit.
  - Go back to Panorama > Managed Devices > Summary and mark the checkbox for the device, which should show “Connected.”
Port 3978 must also be allowed on the firewall side. After 4.7, firewalls newly launched through the AVX Controller handle this, but for existing firewalls you must allow it manually.
Adding the Device into the Desired Template Stack and Device Group
- Go to Panorama > Template, select the desired template stack, and check the firewall from the device list.
- Go to Panorama > Device Group, select the desired group and check the firewall from the device list.
- Commit and push.