Panorama Management of Multi-Vsys Firewalls
Upgrade from PAN-OS 10.1 to PAN-OS 11.1 using Skip Software
Version Upgrade only
|
For multi-vsys firewalls managed by a Panorama managed server,
configuration objects in the Shared device group are now pushed to a
Panorama Shared configuration context for all virtual systems rather
than duplicating the shared configuration to each virtual system to
reduce the operational burden of scaling configurations for
multi-vsys firewalls.
As a result, you must delete or rename any locally configured
firewall Shared object that has an identical
name to an object in the Panorama Shared
configuration. Otherwise, configuration pushes from Panorama fail
after the upgrade and display the error
<object-name> is already in
use.
The following configurations cannot be added to the Shared Panorama
location and are replicated to the Panorama location of each vsys of
a multi-vsys firewall.
- Pre and Post Rules
- External Dynamic Lists (EDL)
- Security Profile Groups
- HIP objects and profiles
- Custom objects
- Decryption profiles
- SD-WAN Link Management Profiles
|