Migrating from Individual VM to Panorama

Assuming you have existing individually managed VM-Series in CoPilot and have prepared your Panorama, follow the instructions below to migrate individual VMs to Panorama.

Removing the Firewall Integration as PAN

If any firewall for a FireNet is already integrated with PAN as the Vendor type, you need to remove that configuration.

  1. Navigate to Security > Firewall and select a PAN VM-Series firewall.

  2. Click the link 40 icon and remove it from the FireNet.

Removing Firewall Configuration

If this is a new VM, skip this step.

From your firewall console, remove the interfaces, zone, virtual router, policies, api admin role and api administrator.

Adding Firewall to Panorama

Refer to How to Add a Locally Managed Firewall to Panorama Management.

  1. Add the firewall to the Panorama-managed devices list.

    1. Log into Panorama, select Panorama > Managed Devices and click Add.

    2. Enter the serial number of the firewall and click OK.

    3. Commit. For the Commit Type, select Panorama and click Commit again.

  2. Set up a connection from the firewall to Panorama.

    1. Log in to the firewall, select Device > Setup, and edit the Panorama Settings.

    2. In the Panorama Servers fields, enter the IP addresses of the Panorama management server.

    3. Click OK and Commit.

  3. Make any necessary configuration changes and commit your changes to the VMs.

    1. Click Commit and for the Commit Type select Device Group.

    2. Select Merge with Device Candidate Config, mark the Include Device and Network Templates checkbox, and click Commit.

  4. Go back to Panorama > Managed Devices > Summary and mark the checkbox for the device which should show "Connected."

Port 3978 also needs to be allowed on the firewall side. After 4.7, newly launched firewalls through the AVX Controller will handle this, but for existing firewalls, you must do it manually.

Adding the Device into the Desired Template Stack and Device Group

  1. Go to Panorama > Template, select the desired template stack, and check the firewall from the device list.

  2. Go to Panorama > Device Group, select the desired group and check the firewall from the device list.

  3. Commit and push.

Integrating Panorama with the Aviatrix Controller

Go to the Aviatrix Controller > Firewall Network >Vendor Integration > Firewall Manager (Panorama), fill out all the required information and save. After this step, the Panorama and PAN firewalls are attached to the Controller.