Tunnel Migration

Reply
L0 Member

Tunnel Migration

Hello,

 

I am going to migarte my production firewall PA5050 into new location, already done the setup of firewall.

 

Can any one please suggest the best possible way to migrate my all IPVPN tunnels in New Palo Alto, is basilcy to move one palo alto to another one, do we have a specified tool for that? or i need to do it manually.

 

Thanks

amit

L7 Applicator

Re: Tunnel Migration

Hello,

Are you saying you already have a new PAN at the new location and just want to swing the unnels to the new one? Are the external IP's the same at the new location or different?

 

Regards,

L0 Member

Re: Tunnel Migration

Hello, 

 

Yes the new PAN is already in place, just need to swing the all tunnels adn IKE profiles.

 

The source IP of tunnel is diffrent but the destination for all location would be the same.

 

 

L7 Applicator

Re: Tunnel Migration

Hello,

Honestly, the way I always done it in the past was just to built a new tunnel with a new key. This way new keys are used and you have tunnels to both sites and can control it by routing, etc.

 

You could export the config from the old PAN and the new PAN and jsut copy the settings you want from the old xml file to the new one and then just import the modified one into the new PAN.

 

Hope that helps.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!