Troubleshoot Automatically Reverted Firewall Configurations

View the configuration diff to assess what configuration changes caused the managed firewall to automatically revert its configuration.
If your managed firewall automatically reverts its configuration because a configuration change broke the connection between the Panorama™ management server and the firewall, you can troubleshoot the out-of-sync firewalls to determine what changes were made and which aspects of the last configuration push caused the firewall to revert its configuration.
  1. Verify that the managed firewall automatically reverted to the last running configuration.
    • On the firewall
      1. Click Tasks (bottom-right hand corner of the web interface).
      2. Verify that the last commit operation (either pushed from Panorama or committed locally) shows a Reverted status.
    • On Panorama
      1. Select Panorama > Managed Devices > Summary.
      2. View the Shared Policy and Template sync status. If you have recently pushed a configuration from Panorama to your managed firewalls and it reverted, the Shared Policy or Template displays as Out of Sync (depending on what configuration changes were made).
  2. In the Last Merged Diff column for a managed firewall, click Show Last Merged Config Diff to compare the current running configuration and the reverted configuration. In this example, a policy rule pushed from Panorama denied all traffic between the managed firewall and Panorama, which caused the firewall configuration to automatically revert.
  3. Modify configuration objects as needed so that they do not break the connection between the managed firewalls and Panorama before you re-push the configuration.
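
The following added example (not part of the original page and not Palo Alto Networks code) shows one way to check a rule set before the re-push in step 3: it evaluates an ordered rule list top-down, first match wins, against the firewall-to-Panorama flow. The rule dictionaries, IP addresses, and function names are constructed for illustration, and TCP 3978 is assumed as the firewall-to-Panorama port; confirm the addresses and port for your deployment.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the page).
FIREWALL_MGMT_IP = "10.0.1.5"
PANORAMA_IP = "10.0.0.10"
PANORAMA_PORT = 3978  # assumed firewall-to-Panorama TCP port

def _addr_match(spec, ip):
    """True if ip is covered by any entry in spec ('any', an IP, or a CIDR)."""
    addr = ipaddress.ip_address(ip)
    return any(s == "any" or addr in ipaddress.ip_network(s, strict=False)
               for s in spec)

def _port_match(spec, port):
    """True if port is covered by any entry in spec ('any', 'N', or 'lo-hi')."""
    for s in spec:
        if s == "any":
            return True
        lo, _, hi = s.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def check_push(rules, src=FIREWALL_MGMT_IP, dst=PANORAMA_IP, port=PANORAMA_PORT):
    """Return (verdict, rule_name) for the first enabled rule matching the flow.

    verdict is 'allow', 'deny', or 'no-match' (no rule covers the flow, so the
    outcome depends on the device's default behavior and must be reviewed).
    """
    for rule in rules:
        if rule.get("disabled"):
            continue
        if (_addr_match(rule["source"], src)
                and _addr_match(rule["destination"], dst)
                and _port_match(rule["port"], port)):
            return rule["action"], rule["name"]
    return "no-match", None

# Constructed rule sets: the push that would revert, and the corrected order.
ALLOW = {"name": "allow-panorama", "source": ["10.0.1.0/24"],
         "destination": ["10.0.0.10"], "port": ["3978"], "action": "allow"}
DENY_ALL = {"name": "deny-all", "source": ["any"], "destination": ["any"],
            "port": ["any"], "action": "deny"}
BAD_PUSH = [DENY_ALL, ALLOW]    # deny-all shadows the Panorama allow rule
FIXED_PUSH = [ALLOW, DENY_ALL]  # allow rule evaluated first

if __name__ == "__main__":
    for label, rules in (("bad", BAD_PUSH), ("fixed", FIXED_PUSH)):
        print(label, check_push(rules))
```

A `deny` or `no-match` verdict for the management flow is the signal to revisit the rule named in the result before pushing again.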