Here's the situation. I have a pair of palo's managed by pano (Site A). I have two more palo's (Site B) that will be managed by pano that are going to be "just like" the first two except for the obvious name, IP, networking and so on. The two sites will run in parallel for some time.
I cloned the template for Site A and I'm setting about making the changes to it to reflect the Site B configuration. According to palo documentation, "If you use a Panorama template to push vsys configurations, the vsys name in the template must match the vsys name on the firewall."
What I don't understand is how I can make that happen if I can't change the vsys name on the template. If vsys name changes have to be done locally then how can I get that to reflect on the new template?
I feel like it's a "what came first, the chicken or the egg scenario".
No that shouldt cause any structural issues, it's only a bit of a nuisance (you could go into the XML and manually rename the vsys)
So the B set is blank? Then there shouldnt be any risk involved in pushing down the cloned templates, just that the names may not be accurate which is a nuisance
I'm almost failing to see the point of being able to clone a template at this point.
You can only rename vsys' on the local firewall, so if you have conflicting (chicken&egg) config on pano and fw you're stuck. I'd try this if it's not too much work: Save your current templates for fw B with a placeholder name Remove firewall cluster b from all templates and device groups, and import them into panorama as new devices Then move them to the correct device group and add the templates you created to the template stack that's created upon import Then on the "placeholder" templates remove any conflicting config that's taken care of in the import and only leave the "overwrites" you want to introduce