Hello good evening, again here bothering and looking for your collaboration for some questions about Panorama.
I have the following doubt, I understand that Local Override is not the best practice and should be used only in particular cases.
I have the following question:
It is possible to simply override "some Local Overrides", I mean local overrides directly in the firewalls, Example log in directly to the Firewall or through context switching and only override "some" not all, override or reverse some "local overrides" let's say partially only some parameters, so that only in those overrides of the local overrides, take the configurations again, from Panorama.
Is it possible, let's say simply, to log into a firewall, which already has several Override-Locales in some configs, and directly revert and/or cancel those Override locales, in short, remove the local-override from some configs and leave them to be injected from Panorama, not local.
Thanks for the collaboration, help and support, I remain attentive, best regards.
If you want to "play around" with panorama, you can try spinning up a marketplace panorama on azure (or AWS/GPC). It's a limited environment as long as you don't attach licences and firewalls etc, but it may help in visualizing what you want to do
Thank you Reaper for your always very precise and decisive answers.
Exactly, just for some migration issues, I was interested in that point, and of course, in case the template generates a problem for me, for some local configuration of interfaces, zones and virtual routers, I just want to confirm that I can revert local configuration that I have, especially interfaces, zones, virtual router, since I want to clean them as you say, and that they are injected from Panorama, from a template. Indeed, my idea is to partially do this cleaning and I was interested in clarifying that point.
I am new to Panorama issues and I ask many questions, since I have no control or access to Panorama client, only some remote sessions that do not reach the time to clarify all the doubts and possible scenarios. I support myself by uploading the config to expedition and / or locally to a firewall VM to go looking and seeing what is local and what is not, but it is not easy, so I try to put myself in all possible scenarios, thanks Reaper.
Yes and no.... And yes :) Let me clarify: Yes1: Most objects that have an override on them (green + orange ⚙️) can be selected/highlighted and then at the bottom hit the "revert" button to put them back to panorama value No: some objects are connected, like interfaces, zones and virtual routers. So for those it's basically override all of them or none of them. Reverting from an override there is difficult as you'd need to revert everything Yes2: if you want to clean house, you can force template values from panorama, this resets all overrides