I'm trying to move a converted ASA config into a panorama base config that I imported into the tool. I was able to drag and drop these into the panorama base config:
But I'm not able to move over the Profiles (Security Profile Groups, Security Profiles, Log Forwarding Profiles). I tried to dragging them to every possible spot in the panorama base config but nothing happens.
Is this a bug?
Solved! Go to Solution.
If you are moving a Cisco ASA to Panorama you dont have this profiles into your Cisco Asa config right? So the workflow will be
1) Load the ASA into the MT3
2) Fix all the services, invalid
3) Search and Replace invalid services in Rules by the right app-id
4) Clean your rules using the consolidation features.
When all its clean import your Panorama as a Base Config
Drag and drop the objects into your DeviceGroup and click on Merge
Now all the rules and objects are part of your Panorama use it in your new Rules ! You dont have to migrate nothing becasue its already there
Hope it helps
So I've gone through that entire workflow actually, and I get to the "Drag and drop the objects into your DeviceGroup and click on Merge" step.
I can drag and drop security rules, NAT rules, address/service objects; but I CAN'T drag and drop the security and log forwarding profiles that I previousoly created in the MT3 and assigned to all of my security rules.
So since I can't move over those profiles into the merge operation, the outputted XML has all of my rules but without the attached security profiles. The security profiles themselves don't exist as objects either in the outputted XML (independent of whether or not they are attached to my security rules).
Can you confirm that you can drag and drop security and/or log forwarding profiles into a Panorama base config?
Not really, In my workflow I didnt tell anything regarding add any log profile in your Cisco config until you MERGE this config with your Base config. Then whatever you create its already in your Base config, then you can assign to your rules. Makes sense?
Ah ok. I didn't realize that you couldn't add log/security profiles to rules until after you do the MERGE operation with the Base config. Everything seems to have worked once I did that. Thanks!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!