My Experience Using the Migration Tool 3.0 for an APP-ID Migration from Panorama Log

by jshao on ‎04-10-2015 09:59 AM (8,259 Views)

I did an APP-ID migration from Panorama using the Migration Tool 3.0.


Here are the details of my setup:

1. All policies configured/pushed through Panorama DG, the firewall did not have a local policy.

2. All log were forwarded to Panorama and Panorama can see the traffic logs.

3. The firewall is a PA-7050 and Panorama is M-100.

Here are some caveats I learned:

  • Make sure you are using the latest version of the Migration Tool 3.0. The older version still had some issues reading logs from Panorama, the latest is best.
  • In the log connector section and for the connected device chose the actual firewall, not Panorama.
  • The log source should be Panaroma.
  • If possible, the machine running Migration Tool 3.0 should have local connectivity to Panorama to reduce the latency.
  • In my previous experiences with the tool I was using VPN to connect Panorama, which caused the tool to get stuck during the APP-ID migration process.
  • Start the log period with small intervals to make sure it works first, then switch to a longer time frame such as 30 days.

Please let me know if you have any questions about my experience using the tool!

Thanks,

Jimmy

Comments
by pulukas
on ‎04-18-2015 05:44 AM

Thanks for sharing the outline.  Very helpful.