Panorama - Force Template Value
Hello good evening:
As always, thank you very much for the support, collaboration, support and help.
I have the following important question regarding a PANORAMA function, in relation to the "Forced Template Values" option.
According to the documentation, this option performs the following function:
Merge with Cadidate Config = Option to merge the template configuration on panorama with the Candidate Configuration in the device.
Force Template Values = Forces the Panorama template values to be applied on the device
The official help documentation on Panorama says the following:
Force Template Values:
(Disabled by default) Overrides all local configuration settings and removes all objects on the selected firewalls that don't exist in the template or template stack or that are overridden in the local configuration. The push operation reverts all existing configuration on the firewall and ensures that the firewall inherits only the settings defined in the template or template stack.
*
If you push a configuration with Force Template Values enabled, all overridden values on the firewall are replaced with values from the template. Before you use this option, check for overridden values on the firewalls to ensure your commit does not result in any unexpected network outages or issues caused by replacing those overridden values.
My important doubt since executing a bad action could apply changes that could affect the correct functioning of the Firewall, the doubt is with the "Force Template Values" option.
**- This example option if I configure the DNS in Panorama to be able to override the LOCAL configuration of the firewall, which has other DNS and I want to configure both the DNS and the proxy from PANORAMA, with this option it would allow me to execute said change and override local settings ?
**- In addition to this and the special care with this option is what happens in the example case if at the local level I have configurations of HA, of the IP of the MGT and at the Template/Template Stack level I do not have any configuration associated with these configurations, that is, configurations that are turned on that remain local, if I do not have any option in the template, no associated configuration and I only want to example adjust and replace the local configuration of the DNS, the Proxy and the NTP when using "Force Template Values" anyway, even if you don't have anything set in them, it will step on all the locales ? that is, I would leave them blank, thinking that I have nothing associated with HA, the MGT interface, when using "Force Template Values" in order to only step on and apply the DNS, proxy and NTP from the Panorama template, this option will not affect the local values of HA and MGT ?
I remain attentive, in advance thank you very much for the support and collaboration
Best regards
@Reaper Thanks a lot Reaper.
The intention here is to completely remove the HA config from the Panorama template, I understand that by overriding the config locally, everything remains local, but my doubt is that when you delete the configuration from the Panorama template, what happens with everything What was the override applied to, if that HA config will no longer exist, in the template with the config ? what was overridden, will it become completely local in the firewall ? The idea is that it be 100% local, without applying override, that there is nothing in the HA config template, and that it only exists completely locally, without any kind of green gear (push template) or green/orange gear which indicates the override, only that the entire section of the configuration remains totally and absolutely local.
Thank you, stay tuned, regards