Final answer:
To push out a firewall rule change from Panorama, configure the changes, commit to Panorama, push the configuration to device groups or templates, perform a 'Commit to Device Group' or 'Push to Devices' operation, review validation checks, finalize the push and monitor the commit status.
Step-by-step explanation:
To successfully push out a firewall rule change from the Panorama to Palo Alto Networks firewalls, there are specific steps that must be followed. These steps ensure that changes are made accurately, efficiently, and without causing disruption to the existing network operations.
- Complete the configuration changes within the Panorama management interface.
- Commit the configuration to Panorama. This step saves the changes you've made to the Panorama's local configuration.
- From the Panorama interface, push the configuration to the desired device groups or templates where the firewalls are managed. This step is critical as it applies the changes from Panorama to the individual firewalls.
- On the device groups or templates page, perform a 'Commit to Device Group' or 'Push to Devices' operation. This will open a dialogue box where you can review the changes and confirm the push.
- Review the validation checks and resolve any errors or warnings if they occur during the push process.
- Confirm and finalize the push. Once confirmed, the rules will be queued for a commit to the respective firewalls.
- Monitor the commit status. It's important to ensure that the push was successful and no errors occurred during the commit to the firewalls.
Note that before any change is implemented, it is always recommended to have a backup of the current configuration, and ideally, changes should be tested in a controlled environment before applying them to the production environment.