Final answer:
To resolve an "out of sync" issue on a firewall after a Panorama commit, verify communication between devices, review logs, perform a manual commit to the specific device, compare policies for mismatches, and potentially restart the management plane.
Step-by-step explanation:
When a firewall shows an "out of sync" status in the Shared Policy column after a Commit operation from Panorama, it typically indicates that the configuration held on Panorama and the configuration on the firewall do not match. To resolve this issue, you can follow these steps:
- Verify that the Panorama and firewall are communicating correctly, and check any recent commits or changes that may not have been fully updated or synchronized.
- Review the device's logs for any errors that might provide clues as to why the sync failed. This could include connectivity issues or invalid configuration elements.
- Perform a manual 'Commit to Device' from Panorama for the specific firewall that is out of sync. This should push the latest Shared Policy to the firewall and resolve any discrepancies.
- If the issue persists, compare Panorama's policy against the firewall's local policy to identify any mismatches and manually reconcile them.
- In some cases, restarting the management plane on the firewall (with caution, as this can affect administrative access) may help to reset the synchronization process.
By re-establishing the synchronization between Panorama and the problematic firewall, you ensure that all devices have a consistent and current shared policy applied to them. If these steps do not resolve the issue, further diagnostics or support may be required.
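The policy comparison in the fourth step can be scripted. The following is an added example, not part of the original answer and not vendor code: it compares two rule exports by rule name, content and order. The XML layout, the rule names and the function names (canonical, load_rules, diff_policies) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples. The <rules>/<entry name="..."> layout is an assumed,
# simplified shape for illustration, not a real Panorama or firewall export.
PANORAMA_RULES = """<rules>
 <entry name="allow-dns"><application><member>dns</member></application><action>allow</action></entry>
 <entry name="allow-web"><application><member>web-browsing</member><member>ssl</member></application><action>allow</action></entry>
 <entry name="block-telnet"><application><member>telnet</member></application><action>deny</action></entry>
</rules>"""
FIREWALL_RULES = """<rules>
 <entry name="allow-web"><application><member>ssl</member><member>web-browsing</member></application><action>allow</action></entry>
 <entry name="allow-dns"><application><member>dns</member></application><action>deny</action></entry>
 <entry name="legacy-ftp"><application><member>ftp</member></application><action>allow</action></entry>
</rules>"""


def canonical(elem):
    """Reduce an element to a comparable tuple, ignoring whitespace and child order."""
    children = tuple(sorted(canonical(child) for child in elem))
    return (elem.tag, tuple(sorted(elem.attrib.items())), (elem.text or "").strip(), children)


def load_rules(xml_text):
    """Map rule name -> canonical form, keeping the rulebase order."""
    return {e.get("name"): canonical(e) for e in ET.fromstring(xml_text).findall("entry")}


def diff_policies(panorama_xml, firewall_xml):
    """Report where the firewall's rules differ from what Panorama holds."""
    pushed, local = load_rules(panorama_xml), load_rules(firewall_xml)
    shared = [name for name in pushed if name in local]
    return {
        "missing_on_firewall": [n for n in pushed if n not in local],
        "only_on_firewall": [n for n in local if n not in pushed],
        "changed": [n for n in shared if pushed[n] != local[n]],
        # Rules are evaluated top-down, so a different order is itself a mismatch.
        "reordered": shared != [n for n in local if n in pushed],
    }


if __name__ == "__main__":
    for finding, value in diff_policies(PANORAMA_RULES, FIREWALL_RULES).items():
        print(f"{finding}: {value}")
```

Each non-empty finding is a discrepancy to reconcile before pushing again; a firewall that is in sync returns empty lists and reordered set to False.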