Palo Alto Networks Palo Alto Networks Palo Alto Networks Palo Alto Networks PA-200įor example, I have Two IP Addresses, My Static IP address and my default gateway, that I want to put in my config.
What is the best way to approach the use of Template Variables within Policies? Proper use of single variables reduces that risk. However, by providing this need for duplication we have to go back to updating a change in address in multiple locations on the configuration, and one mistake can break everything. Our documentation practices have that information too, but I prefer to have my techs verify the documentation when actively troubleshooting to ensure a missed update doesn't send them down the wrong path. I see huge value of getting all these pieces into our Panorama so my other techs can look at it and see all addresses in one place, especially if a branch is down and they can't log into it. I'm confused by this requirement for duplication and what appears to be pointless redundancy. The Address piece was originally recommended to keep at the device level, as typically only the 1 location needed to know about addresses with local providers. From what I can tell, the variables can only be used on the Network and Device tabs (Template), while the Policy requires an "Address" configuration. However, many of the IP address variables we want to use are also used in policy configurations. I'm working on improving our standardization and troubleshooting of our various branch Firewalls, and starting to use the Template variables for the configuration, rather than having 90% of the configuration of our firewalls overriding the templates (the method recommend before PANOS 8.1 Variables).
0 kommentar(er)
