Expedition Discussions

Reply
L5 Sessionator
Posts: 588
Registered: ‎01-26-2011

Merging 2 ASA configurations into 1

I have a task to migrate a policy from 2 ASA firewalls into 1. Haven't seen policies yet but i think it's like 2 seperate entities. Anyone had similar project? How did you aproach it? My only idea so far is use Expedition for the more complex config and manually migrate the other.

Is there maybe a way to use Expedition for both?

L4 Transporter
Posts: 172
Registered: ‎05-01-2009

Re: Merging 2 ASA configurations into 1

This is possible with Expedition, but you'll have to do some pre-planning to design how you want to collapse the configs. Most importantly, do youy plan to maintain the logical separation by using separate VR's or even possibly VSYS for each rulebase? I would suggest using separate VR's for each. The next design question will be the zone assignments for each config and assign those zones to the right rulebase. 

 

Here's a process you can follow:

-migrate the first config

-setup the networking including the interfacee, VR and security zones

-cleanup, verify and complete the migration for the first ASA config

-create the XML

-use the created XML as your new base config

 

-follow the migration process for the second asa config and merge it into your new base config (from above)

L5 Sessionator
Posts: 588
Registered: ‎01-26-2011

Re: Merging 2 ASA configurations into 1

[ Edited ]

Thank you. Good idea with base configs.

Don't know yet about logical seperations, still waiting for configs and wishes. 

L2 Linker
Posts: 23
Registered: ‎04-19-2016

Re: Merging 2 ASA configurations into 1

If you are going to try to be consolidating the two configs to one single rule-base the tool will be extremely helpful as you can filter rules then multi-edit them (to change source or desintation zones as needed), you can then tag  any rules that will need follow up once you get the config onto PAN-OS

L5 Sessionator
Posts: 588
Registered: ‎01-26-2011

Re: Merging 2 ASA configurations into 1

Thanx all for suggestions. In the end it turns out the second ASA was slowly 'abandoned' so nothing there to migrate :)

 

However i'm having issues converting policy from ASA 8.2 (as explained in different topic :P )

 

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!