Has anyone migrated multiple Cisco FWSMs firewall contexts into a single Palo Alto Virtual System ? Is this possible at all ?
Of course you can. The workflow should be separate each context in single files. Then create a zip and import it into the MT. Now import your panos config or device into the same project. Fix everything (invalid services etc) Move objects and policies from the left panel to your base config into the vsys you want. The rules will be appended and then go to objects (after merge) and do the search for duplicated address, groups services and groups and use the proper merge optioj (by name and value, value , etc) Then you can use the consolidator to find similar rules and combine them to reduce the amount of rules. Generate the Api calls or the XML file to export your project.
hope that helps
I have a similar requirement of merging multiple cisco fwsm contexts into a single context in Palo alto. In Cisco FWSM, the security rules will be bound to an interface. If i am merging context, in target i need to bind the rules to a different interface. Is there a way to achieve this in expedition tool?
For eg. I have 100 rules bind to interface ae1.100 in source firewall. While merging the context i want to move these 100 rules to ae1.200. Is this possible using expedition?
I guess you can do that by redefining the Zone those rules are using, and with the routing table you have defined in the device.
Can't speak directly for FWSM, but presumably Expedition handles FWSM the same way it handles ASA - 'nameif' becomes the zone name. A bigger concern would be how Expedition handles NATs from the FWSM, considering the Cisco OS is probably like pre-ASA 8.3...
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!