When overriding a template configuration locally on a firewall, what should you consider?
When overriding a template configuration locally on a firewall, what should you consider?
When overriding a template configuration locally on a firewall, it is important to consider that the firewall template will show that it is out of sync within Panorama. This means that Panorama will no longer be managing that particular setting, and the local firewall's configuration will differ from the template settings maintained within Panorama. This out-of-sync status is an indication to the network administrator that the configuration has been altered locally and may need attention to ensure consistency across the network.
The correct answer is D. "When you override a setting on the firewall, the firewall saves that setting to its local configuration and Panorama no longer manages the setting." "If you push a configuration with Force Template Values enabled, all overridden values on the firewall are replaced with values from the template. Before you use this option, check for overridden values on the firewalls to ensure your commit does not result in any unexpected network outages or issues caused by replacing those overridden values." Although this doesn't explicitly indicate that you lose visibility, it definitely implies by advising you to check local firewall settings before forcing template values. https://docs.paloaltonetworks.com/panorama/8-1/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks.html https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/panorama-web-interface/panorama-commit-operations.html
D. Definitely. I already experience this.
Should be D.
D for me unless revert is not the same as force template back to FW... https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks
https://docs.paloaltonetworks.com/panorama/10-2/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/templates-and-template-stacks
Ans: B .... As per PCNSE study guide When you override the setting on the firewall, the firewall saves that setting to its local configuration and panorama no longer manages the setting.
it is A , Panorama allows you to override values a firewall received from a template and will let you know its a local value after youve changed it https://docs.paloaltonetworks.com/panorama/9-0/panorama-admin/manage-firewalls/manage-templates-and-template-stacks/override-a-template-setting/override-a-template-setting-on-the-firewall.html
sorry B
D is correct
Panorama still sees it as Sync but we still see the old setting
D is correct
D. Definitely. I already experience this.
same as #421
Commit with force template values will override any setting made locally.
I think it is B. Losing visibility doesn't it mean that it will not be able to manage it any more?!
It's D. From admin guide - Templates and Template Stacks. When you override a setting on the firewall, the firewall saves that setting to its local configuration and Panorama no longer manages the setting.
Based on my knowledge out-of-sync message appear on Panorama only was perform a commit to Panorama but not pushed to the NGFW. https://live.paloaltonetworks.com/t5/general-topics/reason-for-out-of-sync-message-in-panorama/td-p/328292 The override setting are not visible (known) by Panorama. The config are pushed only from Panorama to NGFW. I believe the correct answer is D.