: Manage Precedence of Inherited Objects
Focus
Focus

Manage Precedence of Inherited Objects

Table of Contents

Manage Precedence of Inherited Objects

By default, when device groups at different levels in the Device Group Hierarchy have an object with the same name but different values (because of overrides, as an example), policy rules in a descendant device group use the object values in that descendant instead of using object values inherited from ancestor device groups. Optionally, you can reverse this order of precedence to push values from the highest ancestor containing the object to all descendant device groups. After you enable this option, the next time you push configuration changes to device groups, the values of inherited objects replace the values of any overridden objects in the descendant device groups. The figure below demonstrates the precedence of inherited objects in a device group:
If a firewall has locally defined objects with the same name as shared or device group objects that Panorama pushes, a commit failure occurs.
If you want to revert a specific overridden object to its ancestor values instead of pushing ancestor values to all overridden objects, see Revert to Inherited Object Values.
  1. Select PanoramaSetupManagement and edit the Panorama Settings.
  2. If you want to reverse the default order of precedence, select Objects defined in ancestors will take higher precedence. The dialog then displays the Find Overridden Objects link, which provides the option to see how many overridden (shadowed) objects will have ancestor values after you commit this change. You can hover over the quantity message to display the object names.
    If you want to revert to the default order of precedence, clear Objects defined in ancestors will take higher precedence.
    Find Overridden Objects only detects a Shared device group object that shares a name with another object in the device group.
  3. Click OK to save your changes.
  4. Select CommitCommit to Panorama and Commit your changes.
  5. (Optional) If you selected Objects defined in ancestors will take higher precedence, Panorama does not push the ancestor objects until you push configuration changes to device groups: select CommitPush to Devices and Push your changes.