07-10-2015 02:20 PM
I need to merge 2 Juniper/Netscreen configurations into one to upload to PA.
Has anyone tried this and knows how to do it with MT?
A detailed explanation would be really appreciated.
07-10-2015 02:59 PM
I will try to explain it:
0) Create a new Project
1) Import your PaloAlto Networks Configuration as a Base Config.
2) Import Netscreen1. Fix invalid services and addresses, replace invalid services with App-IDs, and remap interfaces to Palo Alto interface names (ethernetx/x).
3) Import Netscreen2, Fix services, etc.
Now you probably want to merge these 2 configs into one vsys in your base config. Go to the Output, where there are 2 panels.
4) Drag the objects and policies from the left panel to the right, inside your vsys. Do it for both configs. Then click on MERGE.
This has moved all your objects and policies into one vsys.
5) Check the dashboard for duplicated Security Rule names (How To: Search Duplicated Rules by Name) and for duplicated services and addresses (groups). You can use the filters from the objects to see the duplicates by name and value, then you can merge all those duplicates using the merge by name and value from the bottom bar under the selected object.
Once it's finished you can import the zones under the same vsys and the interfaces from both configs (hope you remapped the interfaces that are not the same in both configs). If you assigned ethernet1/1 in Netscreen1, don't use it again in Netscreen2.
The virtual router is the only thing for now that you cannot merge, so pick one and add whatever you need inside by hand.
Hope it works
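A pre-merge check in the spirit of step 5, as an added example that is not part of the original reply or of the Migration Tool: it compares address objects from the two source configs and separates true duplicates (same name and value) from name collisions with different values, which would change what a rule matches if merged by name alone. It assumes the objects are available as PAN-OS-style XML `<entry>` fragments; all names and addresses are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample address objects, in PAN-OS XML style, standing in for
# the objects imported from Netscreen1 and Netscreen2.
NETSCREEN1 = """<address>
  <entry name="web-srv"><ip-netmask>10.1.1.10/32</ip-netmask></entry>
  <entry name="dns-srv"><ip-netmask>10.1.1.53/32</ip-netmask></entry>
  <entry name="mail-srv"><ip-netmask>10.1.1.25/32</ip-netmask></entry>
</address>"""
NETSCREEN2 = """<address>
  <entry name="web-srv"><ip-netmask>10.1.1.10/32</ip-netmask></entry>
  <entry name="dns-srv"><ip-netmask>10.2.2.53/32</ip-netmask></entry>
  <entry name="smtp-relay"><ip-netmask>10.1.1.25/32</ip-netmask></entry>
</address>"""

def load(xml_text):
    """Return {name: (type, value)} for each address entry."""
    objs = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        child = entry[0]  # e.g. <ip-netmask>, <fqdn>, <ip-range>
        objs[entry.get("name")] = (child.tag, child.text.strip())
    return objs

def compare(a, b):
    """Classify objects from two configs before merging them into one vsys."""
    report = {"same_name_same_value": [], "same_name_diff_value": [],
              "same_value_diff_name": []}
    # Names present in both configs: identical values are safe to merge,
    # differing values need a rename before the merge.
    for name in sorted(a.keys() & b.keys()):
        key = "same_name_same_value" if a[name] == b[name] else "same_name_diff_value"
        report[key].append(name)
    # Same value under different names: candidates for consolidation.
    by_value = defaultdict(set)
    for objs in (a, b):
        for name, value in objs.items():
            by_value[value].add(name)
    for value, names in sorted(by_value.items()):
        if len(names) > 1:
            report["same_value_diff_name"].append(sorted(names))
    return report

if __name__ == "__main__":
    for kind, items in compare(load(NETSCREEN1), load(NETSCREEN2)).items():
        print(kind, items)
```

Entries reported under `same_name_diff_value` are the ones to rename in one source config before dragging both into the same vsys.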
07-20-2015 07:35 AM
Your response is helpful and maybe you can guide me a little more on this case:
What if I have already tested 2 PAN configurations and want to merge them.
I know my problem would be VR, interfaces, zones and probably some objects - I can fix that.
Now, I might encounter the following inconvenience:
Because now I will have a configuration of two or 3 firewalls in one, even though rules are different, there will be rules for one firewall above another and there is no delimiter, except Zone name.
Is there a way to visually split different sections of rules, so I can quickly move from one section to another?