Migrating from Individual VM to Panorama
Assuming you have existing individually managed VM-Series in CoPilot and have prepared your Panorama, follow the instructions below to migrate individual VMs to Panorama.
Removing the Firewall Integration as PAN
If any firewall for a FireNet is already integrated with PAN as the Vendor type, you need to remove that configuration.
-
Navigate to Security > Firewall and select a PAN VM-Series firewall.
-
Click the link
icon and remove it from the FireNet.
Adding Firewall to Panorama
-
Add the firewall to the Panorama-managed devices list.
-
Log into Panorama, select Panorama > Managed Devices and click Add.
-
Enter the serial number of the firewall and click OK.
-
Commit. For the Commit Type, select Panorama and click Commit again.
-
-
Set up a connection from the firewall to Panorama.
-
Log in to the firewall, select Device > Setup, and edit the Panorama Settings.
-
In the Panorama Servers fields, enter the IP addresses of the Panorama management server.
-
Click OK and Commit.
-
-
Make any necessary configuration changes and commit your changes to the VMs.
-
Click Commit and for the Commit Type select Device Group.
-
Select Merge with Device Candidate Config, mark the Include Device and Network Templates checkbox, and click Commit.
-
-
Go back to Panorama > Managed Devices > Summary and mark the checkbox for the device which should show "Connected."
Port 3978 also needs to be allowed on the firewall side.
Adding the Device into the Desired Template Stack and Device Group
-
Go to Panorama > Template, select the desired template stack, and check the firewall from the device list.
-
Go to Panorama > Device Group, select the desired group and check the firewall from the device list.
-
Commit and push.
Integrating Panorama with CoPilot
Complete the vendor integration steps here. After this step, the Panorama and PAN firewalls are attached to the Controller.