PaloAltoNetworks / pan-cnc

CNC: Chevy's, not Cadillacs. Rapid UI prototyping for all Palo Alto Networks WWSE demos and pocs.
Apache License 2.0

Ability to reset the demo to a preset baseline configuration #2

Open scotchoaf opened 5 years ago

scotchoaf commented 5 years ago

There are various use cases for the reset. Variations specific to with/without > 1 users and with/without GPCS as part of the demo. The demo system should also remove licenses from the fw before deleting the image.

For a basic single user w/out GPCS, easy to go into Panorama and delete all device-groups and stacks then commit. Or use the Vistoq portal to go to a preset configuration file. This puts Panorama back to the initial state. In relation, the instantiated firewalls can be deleted from the portal. In this case, the automated model would:

  1. Reset Panorama to baseline or delete device-groups and stacks (assumes no other config changes) with a commit
  2. Return the fw licenses back to the pool
  3. Delete the fw instances

If GPCS is included in the demo it gets a bit more complex. Panorama should remove all of the remote network configurations, commit and push to the cloud. This ensures the cloud config is sync'd. In the current version of Panorama (no multi-tenancy) the DG and stack stay as part of the core. In future versions, the demo may require core and remote_network config deletions.

Flow may be for simple remote network demo:

  1. Remove all remote networks and commit to the cloud

A full demo including a new core (non-multitenancy) may require reset of Panorama to a snapshot image, just after the OTP is added. Early version of GPCS had issues with modifying the core configuration including changes to the infrastructure subnet. Once reset then a commit to the cloud to sync.

Multi-user demos as required will require more precise deletions. Thus likely manual with proper documentation. More complex solution would be to keep state of each demo addition and back out specific pieces.

  1. Delete any DG/stacks for VM demos.
  2. Delete the VM instances with license returned to the pool
  3. Delete remote_network configurations (inc. IPSEC/IKE elements)

nembery commented 5 years ago

Should be opened on Vistoq