https://live.paloaltonetworks.com/t5/next-generation-firewall/migration-to-pan-from-cisco/m-p/617292#M4995 <P>Hello everyone,</P><P><BR />I am newbie to PAN Firewall. Sorry that I haven't got much experience on Firewalls.</P><P><BR />Currently we are in the middle of the migration as from the Cisco ASA with Firepower into PAN 1400 series. Have done some NATs and Security Policies migrations.</P><P><BR />The existing Cisco environment is with two Contexts and some experts assisted us to create two Virtual Routers (VR01 and VR02) to try to cover the setup in Cisco.</P><P>VR01 is closer to our internal, and VR02 is more internet facing.</P><P><BR />We also defined a few zones like, internal, priv_dmz, pub_dmz, inet_zone</P><P><BR />Since we have VRs, priv_dmz has one interface in VR01 and one in VR02, pub_dmz also has one interface in VR01 and one in VR02.</P><P><BR />I apparently not familiar with the Virtual Routers. So here I got questions about that.</P><P><BR />1. when we are in Cisco, our PAT address was whitelisted by most of the vendors. but during the setup by the experts, they setup the PAT address into pub_dmz-VR02 IP 16.16.16.254, but the IP 16.16.16.252 is the PAT we used in Cisco. Can I change it to use priv_dmz-VR01? Not sure it has any effect on any other things.</P><P><BR />2. we are still using this Cisco VPN and will also migrate to GlobalProtect too. Currently this VPN gateway is mapped to IP 16.16.16.252. So if we keep the Num1 item above, would that affect the GP.</P><P>&nbsp;</P><P>Thanks in advance</P><P>Timothy</P> Wed, 13 Nov 2024 01:33:14 GMT timothy.lau 2024-11-13T01:33:14Z https://live.paloaltonetworks.com/t5/next-generation-firewall/migration-to-pan-from-cisco/m-p/617292#M4995 <P>Hello everyone,</P><P><BR />I am newbie to PAN Firewall. Sorry that I haven't got much experience on Firewalls.</P><P><BR />Currently we are in the middle of the migration as from the Cisco ASA with Firepower into PAN 1400 series. Have done some NATs and Security Policies migrations.</P><P><BR />The existing Cisco environment is with two Contexts and some experts assisted us to create two Virtual Routers (VR01 and VR02) to try to cover the setup in Cisco.</P><P>VR01 is closer to our internal, and VR02 is more internet facing.</P><P><BR />We also defined a few zones like, internal, priv_dmz, pub_dmz, inet_zone</P><P><BR />Since we have VRs, priv_dmz has one interface in VR01 and one in VR02, pub_dmz also has one interface in VR01 and one in VR02.</P><P><BR />I apparently not familiar with the Virtual Routers. So here I got questions about that.</P><P><BR />1. when we are in Cisco, our PAT address was whitelisted by most of the vendors. but during the setup by the experts, they setup the PAT address into pub_dmz-VR02 IP 16.16.16.254, but the IP 16.16.16.252 is the PAT we used in Cisco. Can I change it to use priv_dmz-VR01? Not sure it has any effect on any other things.</P><P><BR />2. we are still using this Cisco VPN and will also migrate to GlobalProtect too. Currently this VPN gateway is mapped to IP 16.16.16.252. So if we keep the Num1 item above, would that affect the GP.</P><P>&nbsp;</P><P>Thanks in advance</P><P>Timothy</P> Wed, 13 Nov 2024 01:33:14 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/migration-to-pan-from-cisco/m-p/617292#M4995 timothy.lau 2024-11-13T01:33:14Z