I am going to migarte my production firewall PA5050 into new location, already done the setup of firewall.
Can any one please suggest the best possible way to migrate my all IPVPN tunnels in New Palo Alto, is basilcy to move one palo alto to another one, do we have a specified tool for that? or i need to do it manually.
Are you saying you already have a new PAN at the new location and just want to swing the unnels to the new one? Are the external IP's the same at the new location or different?
Yes the new PAN is already in place, just need to swing the all tunnels adn IKE profiles.
The source IP of tunnel is diffrent but the destination for all location would be the same.
Honestly, the way I always done it in the past was just to built a new tunnel with a new key. This way new keys are used and you have tunnels to both sites and can control it by routing, etc.
You could export the config from the old PAN and the new PAN and jsut copy the settings you want from the old xml file to the new one and then just import the modified one into the new PAN.
Hope that helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!