MT 3.3.7a - From CheckPoint to PaloAlto - vsys1 statement is missing on subinterfaces

Highlighted
L0 Member

MT 3.3.7a - From CheckPoint to PaloAlto - vsys1 statement is missing on subinterfaces

Hi,

When we merge interfaces from CheckPoint to Palo Alto base, and generate xml output, all the subinterfaces is missing the vsys1 statement. However, the "native" interfaces is ok.

 

Workflow we use in MT 3.3.7a:

- Import CheckPoint

- map interfaces to Palo Alto statements 

- merge (drag'n'drop) to Palo Alto PA3050 vsys enabled base xml

- generate xml output

- import / load xml on PA device

Load config generate "invalids" beacuse of the vsys statement is missing on subinterfaces.

Is this expected? 

 

Regards,

Frode

L7 Applicator

Re: MT 3.3.7a - From CheckPoint to PaloAlto - vsys1 statement is missing on subinterfaces

Hi,

 

After you merge you have to switch the source to your Panos config by using the combo box top-right. After you have selected your config and vsys go to Devices. Select your Vsys1 and edit it. Under Interfaces add a new one and select "All interfaces" this will automtacially add the interfaces you have now in your Device, click on Update and Save.

 

Its important before you do this to doucle check there are not duplicated interfaces, maybe if you have remaped your eth1 to ethernet1/1 and when you have imported your panos config an interface called ethernet1/1 was imported to the tool after the merge you will see duplicated interfaces, just remove the one came from Panos and keep the new one from the other vendor, then at the end go and edit your Vsys and add as well the new VR if there is any.

 

Tell us if this solves your problem , we are working to see how we can automatise this for newer versions. Thanks for the feedback

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!