: Add a Device Group
Focus
Focus

Add a Device Group

Table of Contents
End-of-Life (EoL)

Add a Device Group

After adding firewalls (see Add a Firewall as a Managed Device), you can group them into Device Groups (up to 1,024), as follows. Be sure to assign both firewalls in an active-passive high availability (HA) configuration to the same device group so that Panorama will push the same policy rules and objects to those firewalls. PAN-OS doesn’t synchronize pushed rules across HA peers. To manage rules and objects at different administrative levels in your organization, Create a Device Group Hierarchy.
  1. Select PanoramaDevice Groups, and click Add.
  2. Enter a unique Name and a Description to identify the device group.
  3. In the Devices section, select check boxes to assign firewalls to the group. To search a long list of firewalls, use the Filters.
    You can assign any firewall to only one device group. You can assign each virtual system on a firewall to a different device group.
  4. In the Reference Template section, Add any templates or template stacks with objects referenced by the device group configuration.
    You must assign the appropriate template or template stack references to the device group in order to successfully associate the template or template stack to the device group. This allows you to reference objects configured in a template or template stack without adding an unrelated device to a template stack.
    Skip this step if the device group configuration does not reference any objects configured in a template or template stack.
  5. (Optional) Select Group HA Peers for firewalls that are HA peers.
    You can only group managed firewall HA peers if they are in the same device group.
    The firewall name of the passive or active-secondary peer is in parentheses. Grouping HA peers is a visual change and no configuration change occurs.
  6. Select the Parent Device Group (default is Shared) that will be just above the device group you are creating in the device group hierarchy.
  7. If your policy rules will reference users and groups, assign a Master firewall.
    This will be the only firewall in the device group from which Panorama gathers username and user group information.
  8. Click OK to save your changes.
  9. Select CommitCommit and Push and then Commit and Push your changes to the Panorama configuration and to the device group you added.