Migration from SRX- Interfaces name conversion?

Reply
L2 Linker

Migration from SRX- Interfaces name conversion?

Hello

 

I am doing migration from SRX to PA.

1- This tool gives me the option for interface migration? Like interface name ge-0/0/0 equivalent to which interface in PA?

2- Also Can I only migrate the policies (including address objects etc), export from tool and import into PA? 

L7 Applicator

Re: Migration from SRX- Interfaces name conversion?

Hi,

 

Of course you can. Just select the interface and click on "remap" and select the pan interface you want to use.

And Of course after upload the Base config you can choose to drag and drop only the objects and policies to migrate and then click on MERGE

 

Hope that helps

L2 Linker

Re: Migration from SRX- Interfaces name conversion?

Thank you. is it necessary,  I have to upload the base config of PA?. What I am planning is to make HA cluster of two PA, then export the interface config, zone config, address book, policies etc from tool and import into PA cluster. Is that good approach?

OR should I make  HA, import into tool as base config and then through API push elements one at a time or through drag and drop export and import into HA ?

L7 Applicator

Re: Migration from SRX- Interfaces name conversion?

Hi,

 

I will recommend you first configure your firewalls in HA. After that upload the config from your Active device (if you are in Active-Passive) into the tool. Then After you move all the objects from the left panel to your Base config and click on Merge I will use the Api Output Manager to send to your Firewall exactly what you want (address, services, groups, policies, etc)

 

Remember to add the device first in your MT to import the config (Base Config) from there.

 

Hope you can find this way works better

L2 Linker

Re: Migration from SRX- Interfaces name conversion?

Hello 

 

Thanks. This really helped. One more thing, Does MT already have all latest app-id database inside the tool? that  could be used in policies, while working with candidate configuration in firewall manager OR tool is getting those app-id from snippet or added PANOS device in the tool?

 

Appreciated your reply

L7 Applicator

Re: Migration from SRX- Interfaces name conversion?

Hi,

 

The version inside the tool is not the latest but you get the latest from one of your Palo Alto Networks devices. If you add a device into the Tool when you create a new Project you can select the device in the Source combo box. This will create the new project and will use the Applications from your device in order to be in sync :-)

 

Regards

L2 Linker

Re: Migration from SRX- Interfaces name conversion?

Thank you. Should I have to import only active PA device from HA into the tool for the project OR I can use any PA like virtual PA for migration purose OR migration is possible without adding any device?

Highlighted
L7 Applicator

Re: Migration from SRX- Interfaces name conversion?

Its your choice :-)

 

If you want to migrate to your Active member its recomended to add the Device or import the config from the Active into the tool. If you want to have the same apps into the tool same you have in your device then add the device, start a new project and select your device as a Source. Then import the config by double-click to your device from inside the Project. !!

 

At the end of your migration you be able to generate API calls to only send what you need to your Active Member since the device is already registerded with the MT !

 

Hope that helps!

L2 Linker

Re: Migration from SRX- Interfaces name conversion?

Thanks for the great explaination. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!