This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cisco Router ACL to PA?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cisco Router ACL to PA?

Go to solution
Muldov
L1 Bithead

‎01-23-2019 02:55 PM - edited ‎01-23-2019 04:56 PM

We have a scenario whith a client, who has been using router ACLs as their primary source, and looking to get them into PA. Will the latest version of Expidition allow the conversion of a routers ACL to Palo config? Or are we looking at having to build it manually via the CSV Import functionality?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
sjanita
L5 Sessionator

‎01-23-2019 06:53 PM

Cisco ACL to PA migration is not currently supported within Expedition but you can followup with your local PAlo Alto Networks professional services team to ask if they have other options to help with the migration of your cisco ACL's.

View solution in original post

4 REPLIES 4

Go to solution
sjanita
L5 Sessionator

‎01-23-2019 06:53 PM

Cisco ACL to PA migration is not currently supported within Expedition but you can followup with your local PAlo Alto Networks professional services team to ask if they have other options to help with the migration of your cisco ACL's.

Go to solution
Muldov
L1 Bithead
In response to sjanita

‎01-23-2019 06:58 PM

Weak! 

Appreciate it. Would you happen to have any documentation handy that would assist with the proper syntax of how to build them out via the CSV Import? 

We have a copy of the ACLs, which i can filter down and mod, however when i follow the one guide i found, it only recognizes the commas for column field, not the ; for the additional column

0 Likes Likes

Go to solution
sjanita
L5 Sessionator
In response to Muldov

‎01-23-2019 07:32 PM

the column separators use ';' for the CSV import. 

 

when converting the ACL's you'll have to account for the variation in the number of elements in each acl as the CSV format needs to have every line to have the same number of elements/conditions for importing. 

 

for ACL's that have less elements than the ACL with the most elements you can add the appropriate number of ';' to meet the requirement that each line must have the same number of elements, see the example below. 

 

access-list; 102; deny   ;tcp ;any ;any ;eq ;23
access-list; 103; permit ;ip  ;any ;any ;   ;

 

Go to solution
Muldov
L1 Bithead
In response to sjanita

‎01-23-2019 07:39 PM - edited ‎01-23-2019 07:40 PM

AHHHH! That would explain it. 

Looking back at my lines, there are fields for ranges that would cause empty spacing in other populated, For instance, one with range  and 2 set ranges and another with Eq and maybe 6 port listings, equating to differing column lengths in total. 

Makes perfect sense! Thank you very much!!!!

0 Likes Likes
  • 1 accepted solution
  • 5873 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks