Modifying Your Panorama Instance

With FireNet Vendor Integration to Palo Alto Networks’ Panorama, there may be a situation where the existing Panorama integration needs to be modified to another Panorama instance (i.e. the existing Panorama instance was moved/migrated and a new IP address was assigned to Panorama; if you simply want a new Panorama instance to manage your VM-Series firewalls; etc.).

If you need to modify your FireNet Vendor Integration to a different Panorama instance, the steps are outlined below.

This process will remove all existing Aviatrix-managed routes in the virtual router of the VM-Series, which may impact traffic. You should perform this process within a scheduled maintenance window.

  1. In the Controller, navigate to Firewall Network > Vendor Integration > Firewall Manager (Panorama.).

vendor config panorama

  1. Select the appropriate FireNet VPC ID and FireNet gateway where vendor integration with Panorama was previously configured. The existing configuration should auto-populate.

  2. Change the Vendor Type to Generic and clear these fields: Management IP Address, Login User Name, Login Password, Template Name, Template Stack Name, and Route table.

  3. Click Save. After a few minutes, a message displays indicating that the firewall vendor information was edited successfully. This removes the original Panorama configuration.

panorama save

  1. You can verify in the original Panorama instance that the Aviatrix-managed routes have been removed from the previously defined Template/Template Stack.

  2. To perform vendor integration with the new Panorama instance:

    1. On the same Controller page mentioned in step 1, change the Vendor Type back to Palo Alto Networks Panorama.

    2. Copy the following information from the new Panorama management system to the appropriate fields on the Vendor Integration page in the Controller:

      • Panorama IP address: copy to Management IP Address field

      • Within Panorama under Managed Devices > Templates: copy template name to Template Name field

      • Within Panorama under Managed Devices > Templates: copy template stack name to Template Stack Name field

  3. Enter the Panorama Login User Name and Login Password on the Firewall Manager (Panorama) Controller page.

  4. Save the new Vendor Configuration.

When the configuration is saved, the Aviatrix Controller performs vendor integration with the new Panorama instance. The Aviatrix-managed routes are pushed to the defined Template/Template-Stack in the new Panorama instance, which in turn will push the routes to the virtual router of the managed VM-Series assigned to the same Template/Template-Stack.

Use the Show button to view all routes configured in the defined Template/Template-Stack in Panorama.

Use the Sync button if a discrepancy occurs between the Aviatrix Transit route table and the Aviatrix-managed routes in the Template/Template-Stack.