Issue moving profiles to panorama base config

Reply
Highlighted
L3 Networker

Issue moving profiles to panorama base config

I'm trying to move a converted ASA config into a panorama base config that I imported into the tool. I was able to drag and drop these into the panorama base config:

address objects

service objects

nat rules

security rules

But I'm not able to move over the Profiles (Security Profile Groups, Security Profiles, Log Forwarding Profiles). I tried to dragging them to every possible spot in the panorama base config but nothing happens.

Is this a bug?

Tags (1)
L7 Applicator

Re: Issue moving profiles to panorama base config

Hi,

If you are moving a Cisco ASA to Panorama you dont have this profiles into your Cisco Asa config right? So the workflow will be

1) Load the ASA into the MT3

2) Fix all the services, invalid

3) Search and Replace invalid services in Rules by the right app-id

4) Clean your rules using the consolidation features.

When all its clean import your Panorama as a Base Config

Drag and drop the objects into your DeviceGroup and click on Merge

Now all the rules and objects are part of your Panorama use it in your new Rules ! You dont have to migrate nothing becasue its already there

Hope it helps

L3 Networker

Re: Issue moving profiles to panorama base config

So I've gone through that entire workflow actually, and I get to the "Drag and drop the objects into your DeviceGroup and click on Merge" step.

I can drag and drop security rules, NAT rules, address/service objects; but I CAN'T drag and drop the security and log forwarding profiles that I previousoly created in the MT3 and assigned to all of my security rules.

So since I can't move over those profiles into the merge operation, the outputted XML has all of my rules but without the attached security profiles. The security profiles themselves don't exist as objects either in the outputted XML (independent of whether or not they are attached to my security rules).

Can you confirm that you can drag and drop security and/or log forwarding profiles into a Panorama base config?

Thanks

L7 Applicator

Re: Issue moving profiles to panorama base config

Hi,

Not really, In my workflow I didnt tell anything regarding add any log profile in your Cisco config until you MERGE this config with your Base config. Then whatever you create its already in your Base config, then you can assign to your rules. Makes sense?

L3 Networker

Re: Issue moving profiles to panorama base config

Ah ok. I didn't realize that you couldn't add log/security profiles to rules until after you do the MERGE operation with the Base config. Everything seems to have worked once I did that. Thanks!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!