I did an APP-ID migration from Panorama using the Migration Tool 3.0.
Here are the details of my setup:
1. All policies configured/pushed through Panorama DG, the firewall did not have a local policy.
2. All log were forwarded to Panorama and Panorama can see the traffic logs.
3. The firewall is a PA-7050 and Panorama is M-100.
Here are some caveats I learned:
Please let me know if you have any questions about my experience using the tool!
Thanks for sharing the outline. Very helpful.