Administrator-Level Push
Push just the configuration changes made by the Panorama administrator to managed
firewalls.
PAN-OS 10.2 enables Panorama administrators to push just their own configuration
changes to managed firewalls. Additionally, a Panorama administrator can specify one
or more Panorama administrators with committed configuration changes to include in
the push. Leveraging an administrator-level push to managed firewalls reduces the
risk of pushing incomplete device group and template configurations to managed
firewalls by allowing you to explicitly exclude incomplete configuration changes
when you push to managed firewalls. This helps mitigate and avoid potential outages
and configuration-related issues that could cause network disruptions.
For multi-vsys managed firewalls running PAN-OS 10.2, configurations in the Shared
device group are now pushed to a Shared configuration context for all virtual
systems rather than duplicating the shared configuration to each virtual system.
This reduces the operational burden of scaling configurations for multi-vsys
firewalls.
- Log in to the Panorama web interface.
- After you upgrade to PAN-OS 10.2, Commit and Push to Devices the entire Panorama managed configuration to your managed firewalls. This is required to utilize the administrator-level push and leverage the improved shared configuration object management for multi-vsys firewalls managed by Panorama.
- (Optional) Create a custom Panorama admin role to allow the Panorama administrator to push configuration changes for other admins. The default Superuser or Panorama admin role privileges support full object level configuration privileges.
- Select Panorama > Admin Roles and Add a new admin role.
- Enter a descriptive Name for the admin role.
- Select the Panorama admin role.
- Select Web UI and navigate to the Commit privileges.
- Configure the object level configuration privileges as needed. All object level configuration privileges are enabled by default.
  - Push All Changes—Allows the administrator to push all changes made by all admins.
  - Push For Other Admins—Allows the administrator to select and push configuration changes made by other administrators.
  - Object Level Changes—Allows the administrator to view individual configuration objects to push. If disabled, the list of configuration objects is not displayed in the Push Scope.
- Click OK.
- Configure a Panorama administrator and select the Admin Role you created.
- Commit and Commit to Panorama.
- Perform device group and template stack configuration changes and Commit > Commit to Panorama. See Selective Commit of Configuration Changes to make object-level selections to commit.
- Perform an administrator-level push to managed firewalls.
- Select Commit > Push to Devices and select Commit Changes Made By to only push your own configuration changes.
- (Optional) Click the admin name displayed next to the Commit Changes Made By field to modify the Admin Scope and include configuration changes made by other admins in the commit.
- Expand the list of device groups and template stacks to review configuration changes.
- Push.