Hello good evening:
As always, thank you very much for the support, collaboration, support and help.
I have the following important question regarding a PANORAMA function, in relation to the "Forced Template Values" option.
According to the documentation, this option performs the following function:
Merge with Cadidate Config = Option to merge the template configuration on panorama with the Candidate Configuration in the device.
Force Template Values = Forces the Panorama template values to be applied on the device
The official help documentation on Panorama says the following:
Force Template Values:
(Disabled by default) Overrides all local configuration settings and removes all objects on the selected firewalls that don't exist in the template or template stack or that are overridden in the local configuration. The push operation reverts all existing configuration on the firewall and ensures that the firewall inherits only the settings defined in the template or template stack.
*
If you push a configuration with Force Template Values enabled, all overridden values on the firewall are replaced with values from the template. Before you use this option, check for overridden values on the firewalls to ensure your commit does not result in any unexpected network outages or issues caused by replacing those overridden values.
My important doubt since executing a bad action could apply changes that could affect the correct functioning of the Firewall, the doubt is with the "Force Template Values" option.
**- This example option if I configure the DNS in Panorama to be able to override the LOCAL configuration of the firewall, which has other DNS and I want to configure both the DNS and the proxy from PANORAMA, with this option it would allow me to execute said change and override local settings ?
**- In addition to this and the special care with this option is what happens in the example case if at the local level I have configurations of HA, of the IP of the MGT and at the Template/Template Stack level I do not have any configuration associated with these configurations, that is, configurations that are turned on that remain local, if I do not have any option in the template, no associated configuration and I only want to example adjust and replace the local configuration of the DNS, the Proxy and the NTP when using "Force Template Values" anyway, even if you don't have anything set in them, it will step on all the locales ? that is, I would leave them blank, thinking that I have nothing associated with HA, the MGT interface, when using "Force Template Values" in order to only step on and apply the DNS, proxy and NTP from the Panorama template, this option will not affect the local values of HA and MGT ?
I remain attentive, in advance thank you very much for the support and collaboration
Best regards
It only applies to a few things. HA config does not exist in the XML before you create config, so the 'high-availability' bit remains in config after you've removed all the parameters MGT config already exists, so removing parameters from it does not leave such a blank setting (but it's always good to double check)