I am doing migration from SRX to PA.
1- This tool gives me the option for interface migration? Like interface name ge-0/0/0 equivalent to which interface in PA?
2- Also Can I only migrate the policies (including address objects etc), export from tool and import into PA?
Solved! Go to Solution.
Of course you can. Just select the interface and click on "remap" and select the pan interface you want to use.
And Of course after upload the Base config you can choose to drag and drop only the objects and policies to migrate and then click on MERGE
Hope that helps
Thank you. is it necessary, I have to upload the base config of PA?. What I am planning is to make HA cluster of two PA, then export the interface config, zone config, address book, policies etc from tool and import into PA cluster. Is that good approach?
OR should I make HA, import into tool as base config and then through API push elements one at a time or through drag and drop export and import into HA ?
I will recommend you first configure your firewalls in HA. After that upload the config from your Active device (if you are in Active-Passive) into the tool. Then After you move all the objects from the left panel to your Base config and click on Merge I will use the Api Output Manager to send to your Firewall exactly what you want (address, services, groups, policies, etc)
Remember to add the device first in your MT to import the config (Base Config) from there.
Hope you can find this way works better
Thanks. This really helped. One more thing, Does MT already have all latest app-id database inside the tool? that could be used in policies, while working with candidate configuration in firewall manager OR tool is getting those app-id from snippet or added PANOS device in the tool?
Appreciated your reply
The version inside the tool is not the latest but you get the latest from one of your Palo Alto Networks devices. If you add a device into the Tool when you create a new Project you can select the device in the Source combo box. This will create the new project and will use the Applications from your device in order to be in sync :-)
Thank you. Should I have to import only active PA device from HA into the tool for the project OR I can use any PA like virtual PA for migration purose OR migration is possible without adding any device?
Its your choice :-)
If you want to migrate to your Active member its recomended to add the Device or import the config from the Active into the tool. If you want to have the same apps into the tool same you have in your device then add the device, start a new project and select your device as a Source. Then import the config by double-click to your device from inside the Project. !!
At the end of your migration you be able to generate API calls to only send what you need to your Active Member since the device is already registerded with the MT !
Hope that helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!