Cisco Router ACL to PA?

L1 Bithead

Cisco Router ACL to PA?

We have a scenario with a client who has been using router ACLs as their primary source, and we are looking to get them into PA. Will the latest version of Expedition allow the conversion of a router's ACL to Palo config? Or are we looking at having to build it manually via the CSV Import functionality?

L4 Transporter

Re: Cisco Router ACL to PA?

Cisco ACL to PA migration is not currently supported within Expedition, but you can follow up with your local Palo Alto Networks professional services team to ask if they have other options to help with the migration of your Cisco ACLs.

L1 Bithead

Re: Cisco Router ACL to PA?

Weak! 

Appreciate it. Would you happen to have any documentation handy that would assist with the proper syntax of how to build them out via the CSV Import? 

We have a copy of the ACLs, which I can filter down and mod; however, when I follow the one guide I found, it only recognizes the commas for column field, not the ; for the additional column.

L4 Transporter

Re: Cisco Router ACL to PA?

The column separators use ';' for the CSV import.

When converting the ACLs, you'll have to account for the variation in the number of elements in each ACL, as the CSV format needs every line to have the same number of elements/conditions for importing.

For ACLs that have fewer elements than the ACL with the most elements, you can add the appropriate number of ';' to meet the requirement that each line must have the same number of elements; see the example below.

access-list; 102; deny   ;tcp ;any ;any ;eq ;23
access-list; 103; permit ;ip  ;any ;any ;   ;
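
The padding described in the reply above, as an added example that is not part of the original posts and is not Palo Alto Networks or Expedition code. It assumes numbered `access-list` lines as input; the sample ACL and the function names `acl_to_rows`, `rows_to_csv` and `uneven_lines` are constructed for illustration.

```python
"""Pad numbered Cisco ACL lines to a fixed-width ';'-separated CSV."""

SEP = ";"

# Constructed sample input, not taken from any real device.
SAMPLE_ACL = """\
! constructed sample
access-list 102 remark block telnet
access-list 102 deny tcp any any eq 23
access-list 102 permit tcp any host 192.0.2.10 range 8000 8080
access-list 103 permit ip any any
"""


def acl_to_rows(acl_text):
    """Split each access-list entry on whitespace and pad to the widest entry."""
    rows = []
    for line in acl_text.splitlines():
        tokens = line.split()
        # Keep only ACL entries; skip comments, blanks and free-text remarks.
        if len(tokens) < 3 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        if any(SEP in t for t in tokens):
            raise ValueError(f"separator {SEP!r} inside a field: {line!r}")
        rows.append(tokens)
    width = max((len(r) for r in rows), default=0)
    # Append empty fields so every row has the same number of elements.
    return [r + [""] * (width - len(r)) for r in rows]


def rows_to_csv(rows):
    """Join each row with the ';' separator, one entry per line."""
    return "\n".join(SEP.join(r) for r in rows)


def uneven_lines(csv_text):
    """Return 1-based numbers of lines whose field count differs from line 1."""
    counts = [line.count(SEP) + 1 for line in csv_text.splitlines()]
    return [i for i, c in enumerate(counts, 1) if c != counts[0]]


if __name__ == "__main__":
    print(rows_to_csv(acl_to_rows(SAMPLE_ACL)))
```

Padding is added on the right only, so an entry containing `host` or `range` still puts its port values in different columns than a simpler entry; the output meets the equal-field-count requirement from the reply, and `uneven_lines` can be run over a hand-edited file to find the rows that break it.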

 

L1 Bithead

Re: Cisco Router ACL to PA?

AHHHH! That would explain it. 

Looking back at my lines, there are fields for ranges that would cause empty spacing in other populated. For instance, one with range and 2 set ranges and another with Eq and maybe 6 port listings, equating to differing column lengths in total.

Makes perfect sense! Thank you very much!!!!
