Expedition SonicWall Support?

Reply
L3 Networker

Expedition SonicWall Support?

Hi,

 

It appears that SonicWall configs are not supported in the Expedition Migration Tool. Are there any plans to add support for this firewall vendor?

 

Thanks.

L7 Applicator

Re: Expedition SonicWall Support?

Hi,

 

Its in our radar but we dont have any release date yet, I will post it here when we are close

 

Regards

L0 Member

Re: Expedition SonicWall Support?

My Palo Alto guy was super helpful in this reguard but I still need help.  

 

"This is what I got back from the SE org. "We handle it [SonicWall Migration] through CSV import function:"

 

1) Retrieve exported config from sonicwall (it’s base64 encoded, so it needs to be parsed) 

2) Download SonicReader (free), it spits out the config in an HTML file

3) Copy the HTML tables and paste into exel. Format the data appropriately. There are some nuances, for example Sonicwall service objects might be “TCP” but migration tool looks for “tcp” in lower case. This is just trial and error.

4) Save file as a CSV and change to a semi-colon delimited file

5) import CSV into MT.

 

- I recommend doing it in small stages. Eg. Import address objects first and actually push it to the candidate config of a firewall. If there are formatting issues, better to learn now than when pushing a full config consisting of address objects, groups, service objects, policies, etc and you get over 1000 errors. Once you complete the address objects, move to address groups, push to the candidate config of a firewall, etc."

 

I was able to get through most of those steps successfully and was able to upload them into the import section of the tool.  Unfortunately there are 12 different sections in the HTML I generated and only 9 differently named sections to upload CSV files.  

 

These are the sections from HTML              These are the options in the MT

01PNT-Interfaces.csv                                     “interfaces”

02PNT-AddressObjects.csv                          This likely correlates to the “Address” dropdown in Expedition import

03PNT-AddressGroups.csv                           “address groups” is an exact match

04PNT-ServiceObjects.csv                            “Services”

05PNT-ServiceGroups.csv                            “Service Groups”

06PNT-Zones.csv

07PNT-FirewallPolicies.csv

08PNT-NATPolicies.csv

09PNT-UserObjects.csv

10PNT-UserGroupObjects.csv

11PNT-IPSec-Tunnels.csv

12PNT-RoutingObjects.csv

 

…but the Regions, Security Rules, and Static Routes from the Expedition import window don’t seem to correlate to the HTML sections.

 

Everything was presented very nicely as a table in the HTML file but the Zones did not show up in a table so I'm not sure how to configure them.  

Highlighted
L4 Transporter

Re: Expedition SonicWall Support?

This process, mostly SonicReader, didn't seem to work correctly for me.

 

Something I am trying instead is this:

  1. Download and Install FortiNet's FortiConverter (Original price at CDW was $3,068.99 for 1yr, on sale for $926.01)
  2. Convert SonicWall config to FortiNet
  3. Use Expedition to import and convert FortiNet config to Palo Alto Networks.

If this is successful I'll update with more notes.

 

 

L1 Bithead

Re: Expedition SonicWall Support?

@bspilde Did the FortiConverter route work?

L1 Bithead

Re: Expedition SonicWall Support?

@KenLynch What migration tool did you use for this? The old one or Expedition? Also did you come across a SonicReader version later than 0.7? Thanks in advance!

L4 Transporter

Re: Expedition SonicWall Support?

 

Delvin.C

 

If you can capture (to a text file) the sonicwall config from the output of the command:

 

admin@sonicwall> show current-config

 

I can test the migration against some internal tools being developed. 

 

send an email to fwmigrate (at) paloaltonetworks.com

 

 

L0 Member

Re: Expedition SonicWall Support?

I could not find and download the old tool. It was removed from production I think.  The new Expedition tool looked not quite ready for production at the time of my migration.  We eneded up hiring a very talented consultant named Shawn who helped us through the proces. 

 

L4 Transporter

Re: Expedition SonicWall Support?

I think it would have but purchasing FortiConverter was not approved. I ended up going line for line manually with the Fortinet admin from the acquired company. Turned out much of the config wasn’t required anyway so it was a good audit as well.
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!