![]() ![]() You still can create local rules and objects in case of emeregency - for example security engineer with access to panorama is not available, but local network engineer need to allow some traffic to solve user incident/request. This way firewall will not know who to handle the traffic (which object in which rule is used, or which rule is actually used). Device Groups - Even without Panorama (local fw config) you cannot have multiple object sharing the same name, or multiple rules/policies using the exact same name. ![]() Now you probably know this already, but it important to mention it, because there is fundamental difference between Templates and Device Groups about how they handel local configuration. Panorama GUI is trying to help you to remember which settings where are managed by the brackets above the relevant tabs: For example what NTP and DNS should the device use and what IP addresses are assigned on the device. Templates are used to push device and networking configuration. Basically it is defining the firewall security functions For example here you define address objecets and use them in security rules. Device Groups are used to push objects and policies and security profiles. ![]() Let first discuss something fundamental - Templates vs Device Groups: ![]()
0 Comments
Leave a Reply. |