Scribd
Upload
11 views3 pages

Manage Precedence of Inherited Objects

The document provides guidance on managing the precedence of inherited objects in Panorama's Device Group Hierarchy. It explains how to reverse the default order of precedence, allowing ancestor object values to take priority over overridden values in descendant device groups. Steps for implementing these changes and committing them are also outlined.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
11 views3 pages

Manage Precedence of Inherited Objects

The document provides guidance on managing the precedence of inherited objects in Panorama's Device Group Hierarchy. It explains how to reverse the default order of precedence, allowing ancestor object values to take priority over overridden values in descendant device groups. Steps for implementing these changes and committing them are also outlined.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

(/content/techdocs/en_US.

html)

Updated on Thu Mar 13 20:26:10 UTC 2025

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/10-1/panorama-admin.html)
| Manage Firewalls (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls.html)
| Manage Device Groups (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/manage-device-groups.html)
| Manage Precedence of Inherited Objects (/content/techdocs/en_US/panorama/10-1/panorama-admin/manage-firewalls/manage-device-
groups/manage-precedence-of-inherited-objects.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/10-1/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/10-
1/panorama-admin.html)
Manage Precedence of Inherited Objects

Table of Contents

By default, when device groups at different levels in the Device Group Hierarchy (/content/techdocs/en_US/panorama/10-
1/panorama-admin/panorama-overview/centralized-firewall-configuration-and-update-management/device-groups/device-
group-hierarchy.html#id014f3417-fe14-4fdd-8fd7-c03ac8cb2e0b) have an object with the same name but different values
(because of overrides, as an example), policy rules in a descendant device group use the object values in that descendant
instead of using object values inherited from ancestor device groups. Optionally, you can reverse this order of precedence to
push values from the highest ancestor containing the object to all descendant device groups. After you enable this option, the
next time you push configuration changes to device groups, the values of inherited objects replace the values of any
overridden objects in the descendant device groups. The figure below demonstrates the precedence of inherited objects in a
device group:

If a firewall has locally defined objects with the same name as shared or device group objects that Panorama
pushes, a commit failure occurs.


This site uses If you want
cookies to revert
essential a specificfor
to its operation, overridden object
analytics, and to its ancestor
for personalized values
content andinstead
ads. By of pushing ancestor values to
all overridden
continuing to browse objects,
this site, you see Revert
acknowledge to Inherited
the use of cookies.Object
PrivacyValues (/content/techdocs/en_US/panorama/10-
statement ❯ Cookie Settings
(https://www.paloaltonetworks.com/legal-notices/privacy)
1/panorama-admin/manage-firewalls/manage-device-groups/revert-to-inherited-object-
values.html#idb6e923d1-c97d-4ac3-8a3a-ec6a19e03082).

STEP 1 -
Select Panorama > Setup > Management and edit the Panorama Settings.

STEP 2 -
If you want to reverse the default order of precedence, select Objects defined in ancestors will take higher
precedence. The dialog then displays the Find Overridden Objects link, which provides the option to see how
many overridden (shadowed) objects will have ancestor values after you commit this change. You can hover
over the quantity message to display the object names.

If you want to revert to the default order of precedence, clear Objects defined in ancestors will take higher
precedence.

Find Overridden Objects only detects a Shared device group object that shares a name with
another object in the device group.

STEP 3 -
Click OK to save your changes.

STEP 4 -
Select Commit > Commit to Panorama and Commit your changes.

STEP 5 -
( Optional ) If you selected Objects defined in ancestors will take higher precedence, Panorama does not
push the ancestor objects until you push configuration changes to device groups: select Commit > Push to
Devices and Push your changes.

Was this information helpful?

Yes No

Next
Previous (/content/techdocs/en_US/panorama/10-
Move or
(/content/techdocs/en_US/panorama/10-
Manage Clone a 1/panorama-admin/manage-
1/panorama-admin/manage-
Unused Policy Rule firewalls/manage-device-groups/move-
firewalls/manage-device-groups/manage-
Shared or Object to a or-clone-a-policy-rule-or-object-to-a-
unused-shared-objects.html)
Objects Different different-device-group.html)
Device Group

Technical Documentation Company

Release Notes (/content/techdocs/en_US/release-notes.html) About (https://www.paloaltonetworks.c


Search (/content/techdocs/en_US/search.html) Careers (https://jobs.paloaltonetworks.
Blog (https://www.paloaltonetworks.com/blog/category/technical-documentation/) Customer Support (https://support.palo
Compatibility Matrix (/content/techdocs/en_US/compatibility-matrix.html) LIVE Community (https://live.paloaltone
This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
OSS Listings (/content/techdocs/en_US/oss-listings.html) Knowledge Base (https://knowledgebas
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
Sitemap (/content/techdocs/en_US/sitemap.html)
(https://www.paloaltonetworks.com/legal-notices/privacy)
(https://www.facebook.com/PaloAltoNetworks) (https://www.linkedin.com/company/palo-alto-networ

(/content/techdocs/en_US.html) © 2025 Palo Alto Networks, Inc. All rights reserved.

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯
(https://www.paloaltonetworks.com/legal-notices/privacy)

You might also like